(Or “How I learned to start worrying and love privacy anonymity”)
Version 1.1.2, January 2022 by Anonymous Planet


This guide is a work in progress. While I am doing the best I can to correct issues and inaccuracies and to improve the content, general structure, and readability, it will probably never be “finished”.


There might be some wrong or outdated information in this guide because no human is omniscient, and humans 
do make mistakes. Please do not take this guide as a definitive gospel or truth because it is not. Mistakes have 
been written in the guide in earlier versions and fixed later when discovered. There are likely still some mistakes 
in this guide at this moment (hopefully few). Those are fixed as soon as possible when discovered. 


Your experience may vary. Remember to check regularly for an updated version of this guide. 


This guide is a non-profit open-source initiative, licensed under Creative Commons Attribution-NonCommercial 4.0 International (cc-by-nc-4.0) [Archive.org]. See the license at the end of the document.


- For mirrors see Appendix A6: Mirrors
- For help in comparing versions see Appendix A7: Comparing versions


Feel free to submit issues (please do report anything wrong) using GitHub Issues at: 
https://github.com/AnonymousPlanet/thgtoa/issues 


Feel free to come to discuss ideas at: 
- GitHub Discussions: https://github.com/AnonymousPlanet/thgtoa/discussions
- Discord Server: https://discord.gg/V8dmd9y7mt
- Matrix/Element Room: #anonymity:matrix.org https://matrix.to/#/#anonymity:matrix.org
- Matrix Space regrouping several rooms with similar interests: #privacy-security-anonymity:matrix.org https://matrix.to/#/#privacy-security-anonymity:matrix.org
- Twitter at https://twitter.com/AnonyPla [Nitter] (cannot guarantee this account will stay up for long though)
- Mastodon at https://mastodon.social/@anonypla


To contact me, see the updated information on the website or send an e-mail to contact@anonymousplanet.org 


Please consider donating if you enjoy the project and want to support the hosting fees or support the funding of 
initiatives like the hosting of Tor Exit Nodes. 


There are several ways you could read this guide: 

- You want to understand the current state of online privacy and anonymity, not necessarily get too technical about it: just read the Introduction, the Pre-requisites and limitations, and the section "Understanding some basics of how some information can lead back to you and how to mitigate some".
- You want to do the above but also learn how to remove some online information about you: read the above and add the section "Removing some traces of your identities on search engines and various platforms".
- You want to do the above and create online anonymous identities safely and securely: read the whole guide.


Precautions while reading this guide and accessing the various links: 


- Documents/Files have a [Archive.org] link next to them for accessing content through Archive.org for increased privacy and in case the content goes missing. Some links are not yet archived or are outdated on archive.org, in which case I encourage you to ask for a new save if possible.
- YouTube videos have an [Invidious] link next to them for accessing content through an Invidious instance (in this case yewtu.be, hosted in the Netherlands) for increased privacy. It is recommended to use these links when possible. See https://github.com/iv-org/invidious [Archive.org] for more information.
- Twitter links have a [Nitter] link next to them for accessing content through a Nitter instance (in this case nitter.net) for increased privacy. It is recommended to use these links when possible. See https://github.com/zedeus/nitter [Archive.org] for more information.
- Wikipedia links have a [Wikiless] link next to them for accessing content through a Wikiless instance (in this case Wikiless.org) for increased privacy. It is recommended to use these links when possible. See https://codeberg.org/orenom/wikiless [Archive.org] for more information.
- Medium links have a [Scribe.rip] link next to them for accessing content through a Scribe.rip instance for increased privacy. Again, it is recommended to use these links when possible. See https://scribe.rip/ [Archive.org]
- If you are reading this in PDF or ODT format, you will notice plenty of `` in place of double quotes (“”). These `` are there to ease conversion into Markdown/HTML format for online viewing of code blocks on the website.


If you do not want the hassle and use one of the browsers below, you could also just install the following extension on your browser: https://github.com/SimonBrazell/privacy-redirect [Archive.org]:

- Firefox: https://addons.mozilla.org/en-US/firefox/addon/privacy-redirect/
- Chromium-based browsers (Chrome, Brave, Edge): https://chrome.google.com/webstore/detail/privacy-
If you are having trouble accessing any of the many academic articles referenced in this guide due to paywalls, feel free to use Sci-Hub (https://en.wikipedia.org/wiki/Sci-Hub [Wikiless] [Archive.org]) or LibGen (https://en.wikipedia.org/wiki/Library_Genesis [Wikiless] [Archive.org]) for finding and reading them. Because Science should be free. All of it. If you are faced with a paywall accessing some resources, consider using https://12ft.io/.


Finally, note that this guide does mention and even recommend various commercial services (such as VPNs, CDNs, e-mail providers, hosting providers...) but is not endorsed or sponsored by any of them in any way. There are no referral links and no commercial ties with any of these providers. This project is 100% non-profit and relies only on donations.


Pre-requisites and limitations: 


Pre-requisites:

- Understanding of the English language (in this case US English).
- Be a permanent resident in Germany, where the courts have upheld the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007 [1][2]). Alternatively, be a resident of any other country where you can confirm and verify the legality of this guide yourself.
- This guide will assume you already have access to some (Windows/Linux/macOS) laptop computer (ideally not a work/shared device) and a basic understanding of how it works.
- Have patience, as this process could take several weeks to complete if you want to go through all the content.
- Have some free time on your hands to dedicate to this process (or a lot, depending on the route you pick).
- Be prepared to read a lot of references (do read them), guides (do not skip them), and follow a lot of how-to tutorials thoroughly (do not skip them either).
- Don’t be evil (for real this time) [3].


My aaviechale alse 
This guide is not intended for:
- Creating machine accounts of any kind (bots).
- Creating impersonation accounts of existing people (such as identity theft).
- Helping malicious actors conduct unethical, criminal, or illicit activities (such as trolling, stalking, disinformation, misinformation, harassment, bullying...).
- Use by minors.


Introduction:
TLDR for the whole guide: “A strange game. The only winning move is not to play” [4].


Making a social media account with a pseudonym or artist/brand name is easy. And it is enough in most use cases to 
protect your identity as the next George Orwell. There are plenty of people using pseudonyms all over 
Facebook/Instagram/Twitter/LinkedIn/TikTok/Snapchat/Reddit/... But the vast majority of those are anything but 


1 English translation of German Telemedia Act https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf [Archive.org], Section 13, Article 6, “The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility.”

2 Wikipedia, Real-Name System Germany https://en.wikipedia.org/wiki/Real-name_system#Germany [Wikiless] [Archive.org]
3 Wikipedia, Don’t be evil https://en.wikipedia.org/wiki/Don%27t_be_evil [Wikiless] [Archive.org]


4 YouTube, https://www.youtube.com/watch?v=6DGNZnfKYnU [Invidious]

anonymous and can easily be traced to their real identity by local police officers, random people within the OSINT [5] (Open-Source Intelligence) community [6], and trolls on 4chan [7].


This is a good thing as most criminals/trolls are not tech-savvy and will usually be identified with ease. But this is also 
a terrible thing as most political dissidents, human rights activists and whistleblowers can also be tracked rather 
easily. 


This guide aims to provide an introduction to various de-anonymization techniques, tracking techniques, ID verification techniques, and optional guidance on creating and maintaining reasonably anonymous identities online, including social media accounts, safely. This includes mainstream platforms and not only the privacy-friendly ones.


It is important to understand that the purpose of this guide is anonymity and not just privacy, but much of the guidance you will find here will also help you improve your privacy and security even if you are not interested in anonymity. There is an important overlap in techniques and tools used for privacy, security, and anonymity, but they differ at some point:


- Privacy is about people knowing who you are but not knowing what you are doing.
- Anonymity is about people knowing what you are doing but not knowing who you are [8].


(Illustration: Privacy vs Anonymity)


Will this guide help you protect yourself from the NSA, the FSB, Mark Zuckerberg, or the Mossad if they are out to find you? Probably not ... Mossad will be doing “Mossad things” [9][10] and will probably find you no matter how hard you try to hide [11].




You must consider your threat model [12] before going further.


5 Wikipedia, OSINT https://en.wikipedia.org/wiki/Open-source_intelligence [Wikiless] [Archive.org]

6 YouTube, Internet Historian Playlist, HWNDU [Invidious]

7 Wikipedia, 4chan https://en.wikipedia.org/wiki/4chan [Wikiless] [Archive.org]

8 PIA, See this good article on the matter https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from- [Archive.org] (do note that this is a commercial service).

sau V/-YollU laa Meo) aap aa ivZ-(en Aan =) eLel.<olareTiablato Mm @lal(olamaxelenel alain estymanal-TellelaamerelsaVAblalinZeist-ViayA elaivZ-le\ ae) (ele.celal-linmr-lalemelal(olamaelehaia\oxs 
d5609c611341 [Scribe-rip] [Archive.org] 

10 This World of Ours, James Mickens https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf [Archive.org]

11 XKCD, Security https://xkcd.com/538/ [Archive.org]

12 Wikipedia, Threat Model https://en.wikipedia.org/wiki/Threat_model [Wikiless] [Archive.org]
(Comic "Security", xkcd 538: a crypto nerd's imagination of a million-dollar cluster attacking an encrypted laptop versus what would actually happen, a $5 wrench used until the password is given up. Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5)





Will this guide help you protect your privacy from OSINT researchers like Bellingcat [13], doxing [14] trolls on 4chan [15], and others who have no access to the NSA toolbox? More likely. Though I would not be so sure about 4chan.


Here is a basic simplified threat model for this guide: 


| | Unskilled, unmotivated | Unskilled, motivated | Skilled, unmotivated | Skilled, motivated, limited global resources | Highly skilled, highly motivated, unlimited global resources |
|---|---|---|---|---|---|
| Who | Your family, friends or boyfriend/girlfriend are a bit curious about your activities. | Advertisers are tracking you passively. HR people are just Googling you for a background check. | They could look into you but you’re not doing anything of interest and you don’t matter. | Trolls, OSINT researchers, corporations, local law enforcement... | The NSA/FSB/MSS/Mossad is looking for you. |
| What to do | Set good passwords to protect your devices. Use incognito modes. Set your social accounts to private. | Add 2FA to passwords. Use adblocking and anti-tracking add-ons. Set your accounts private. Use pseudonyms and branding. | All of the previous and: use Tor Browser; use VPNs; consider using a dedicated phone number for accounts. | This guide is your friend. | Try magical amulets or invisibility cloaks. Live in a submarine. Fake your own death. They will find you over time. |





(Note that the “magical amulets/submarine/fake your own death” jokes are quoted from the excellent article “This World of Ours” by James Mickens, 2014, referenced above [10].)


Disclaimer: Jokes aside (magical amulet...). Of course, there are also advanced ways to mitigate attacks against such advanced and skilled adversaries, but those are just out of the scope of this guide. It is crucially important that you understand the limits of the threat model of this guide. And therefore, this guide will not double in size to help with those advanced mitigations, as this is just too complex and will require an exceedingly high knowledge and skill level that is not expected from the targeted audience of this guide.


The EFF provides a few security scenarios of what you should consider depending on your activity. While some of those tips might not be within the scope of this guide (more about privacy than anonymity), they are still worth reading as examples. See https://ssd.eff.org/en/module-categories/security-scenarios [Archive.org].


If you want to go deeper into threat modeling, see Appendix B3: Threat modeling resources. 


13 Bellingcat https://www.bellingcat.com/ [Archive.org]
14 Wikipedia, Doxing https://en.wikipedia.org/wiki/Doxing [Wikiless] [Archive.org]

15 YouTube, Internet Historian, The Bikelock Fugitive of Berkeley https://www.youtube.com/watch?v=muoR8Td44UE [Invidious]
You might think this guide has no legitimate use but there are many [16][17][18][19][20][21][22], such as:
- Evading Online Censorship [23]
- Evading Online Oppression
- Evading Online Stalking, Doxxing, and Harassment
- Evading Online Unlawful Government Surveillance
- Anonymous Online Whistle Blowing
- Anonymous Online Activism
- Anonymous Online Journalism
- Anonymous Online Legal Practice
- Anonymous Online Academic Activities (for instance accessing scientific research where such resources are blocked). See note below.


This guide is written with hope for those good-intended individuals who might not be knowledgeable enough to consider the bigger picture of online anonymity and privacy.


Lastly, use it at your own risk. Anything in here is not legal advice and you should verify compliance with your local law before use (IANAL [24]). “Trust but verify” [25] all the information yourself (or even better, “Never trust, always verify”). I strongly encourage you to inform yourself and do not hesitate to check any information in this guide with outside sources in case of doubt. Please do report any mistake you spot to me as I welcome criticism. Even harsh but sound criticism is welcome and will result in having the necessary corrections made as quickly as possible.


Understanding some basics of how some information can lead back to you and how to mitigate some:


There are many ways you can be tracked besides browser cookies and ads, your e-mail, and your phone number. 
And if you think only the Mossad or the NSA/FSB can find you, you would be wrong. 


First, you could also consider these more general resources on privacy and security to learn more basics: 


- The New Oil*: https://thenewoil.org/ [Archive.org]
- Techlore videos*: https://www.youtube.com/c/Techlore [Invidious]
- Privacy Guides: https://privacyguides.org/ [Archive.org]
- Privacy Tools*: https://privacytools.io [Archive.org]


* Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not 
endorse and is not sponsored by any commercial entity in any way. 


If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project (https://github.com/techlore-official/go-incognito [Archive.org]) as an introduction before going further: https://www.youtube.com/playlist?list=PL3KeV6Ui_4CayDGHw640FXEPHgXLkrtJO [Invidious]. This guide will cover


16 BBC News, Tor Mirror https://www.bbc.com/news/technology-50150981 [Archive.org]
17 GitHub, Real World Onion websites https://github.com/alecmuffett/real-world-onion-sites [Archive.org]

18 Tor Project, Who Uses Tor https://2019.www.torproject.org/about/torusers.html.en [Archive.org]

19 Whonix Documentation, The importance of Anonymity https://www.whonix.org/wiki/Anonymity [Archive.org]

20 Geek Feminism, https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F [Archive.org]

21 Tor Project, Tor Users https://2019.www.torproject.org/about/torusers.html.en [Archive.org]

22 PrivacyHub, Internet Privacy in the Age of Surveillance https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/ [Archive.org]

23 PIA Blog, 50 Key Stats About Freedom of the Internet Around the World https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/ [Archive.org]
24 Wikipedia, IANAL https://en.wikipedia.org/wiki/IANAL [Wikiless] [Archive.org]

25 Wikipedia, Trust but verify https://en.wikipedia.org/wiki/Trust,_but_verify [Wikiless] [Archive.org]
many of the topics in the videos of this playlist with more details and references, as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all.


Now, here is a non-exhaustive list of some of the many ways you could be tracked and de-anonymized: 


Your Network: 


Your IP address: 
Disclaimer: this whole paragraph is about your public-facing Internet IP and not your local network IP. 


Your IP address [26] is the most known and obvious way you can be tracked. That IP is the IP you are using at the source. This is where you connect to the internet. That IP is usually provided by your ISP (Internet Service Provider) (xDSL, Mobile, Cable, Fiber, Cafe, Bar, Friend, Neighbor). Most countries have data retention regulations [27] that mandate keeping logs of who is using what IP at a certain time/date for up to several years or indefinitely. Your ISP can tell a third party that you were using a specific IP at a specific date and time, years after the fact. If that IP (the original one) leaks at any point for any reason, it can be used to track you down directly. In many countries, you will not be able to have internet access without providing some form of identification to the provider (address, ID, real name, e-mail ...).

Needless to say, most platforms (such as social networks) will also keep (sometimes indefinitely) the IP addresses you used to sign up and sign into their services.


Here are some online resources you can use to find some information about your current public IP right now:
- Find your IP:
  - https://resolve.rs/
  - https://www.dnsleaktest.com/ (Bonus: check your IP for DNS leaks)
- Find your IP location or the location of any IP:
  - https://resolve.rs/ip/geolocation.html
- Find if an IP is “suspicious” (in blocklists) or has downloaded “things” on some public resources:
  - https://mxtoolbox.com/blacklists.aspx
  - https://www.virustotal.com/gui/home/search
  - https://iknowwhatyoudownload.com (Take this with a grain of salt; it might not show anything interesting and has limited data sources. This is more for fun than anything serious.)
- Registration information of an IP (most likely your ISP or the ISP of your connection, who most likely knows who is using that IP at any time):
  - https://whois.domaintools.com/
- Check for open services or open devices on an IP (especially if there are leaky Smart Devices on it):
  - https://www.shodan.io/host/185.220.101.134 (replace the IP by your IP or any other, or change it in the search box; this example IP is a Tor Exit node)
- Various tools to check your IP such as block-list checkers and more:
  - https://browserleaks.com/ip
  - https://www.whatismyip.com
- Would you like to know if you are connected through Tor?
  - https://check.torproject.org


For those reasons, we will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it as much as we can through a combination of various means:

- Using a public Wi-Fi service (free).
- Using the Tor Anonymity Network [28] (free).
- Using VPN [29] services anonymously (anonymously paid with cash or Monero).


26 Wikipedia, IP Address, https://en.wikipedia.org/wiki/IP_address [Wikiless] [Archive.org]

27 Wikipedia, Data Retention https://en.wikipedia.org/wiki/Data_retention [Wikiless] [Archive.org]

28 Wikipedia, Tor Anonymity Network https://en.wikipedia.org/wiki/Tor_(anonymity_network) [Wikiless] [Archive.org]
29 Wikipedia, VPN https://en.wikipedia.org/wiki/Virtual_private_network [Wikiless] [Archive.org]

Do note that, unfortunately, these solutions are not perfect, and you will experience performance issues [30].


All those will be explained later in this guide. 


Your DNS and IP requests: 

DNS stands for “Domain Name System” [31] and is a service used by your browser (and other apps) to find the IP addresses of a service. It is a huge “contact list” (phone book for older people) that works like asking it a name and it returns the number to call, except it returns an IP instead.


Every time your browser wants to access a certain service such as Google through www.google.com, your browser (Chrome or Firefox) will query a DNS service to find the IP addresses of the Google web servers.


Here is a video explaining DNS visually if you are already lost: https://www.youtube.com/watch?v=vrxwXXytEul 
[Invidious] 

Usually, the DNS service is provided by your ISP and automatically configured by the network you are connecting to. This DNS service could also be subject to data retention regulations or will just keep logs for other reasons (data collection for advertising purposes, for instance). Therefore, this ISP will be capable of telling everything you did online just by looking at those logs, which can, in turn, be provided to an adversary. Conveniently, this is also the easiest way for many adversaries to apply censoring or parental control by using DNS blocking [32]. The provided DNS servers will give you a different address (than their real one) for some websites (like redirecting thepiratebay.org to some government website). Such blocking is widely applied worldwide for certain sites [33].


Using a private DNS service or your own DNS service would mitigate these issues, but the other problem is that most 
of those DNS requests are by default still sent in clear text (unencrypted) over the network. Even if you browse 
PornHub in an incognito Window, using HTTPS and using a private DNS service, chances are exceedingly high that 
your browser will send a clear text unencrypted DNS request to some DNS servers asking basically “So what’s the IP 
address of www.pornhub.com?”. 


Because it is not encrypted, your ISP and/or any other adversary could still intercept your request (using a Man-in-the-Middle attack) and will know and possibly log what your IP was looking for. The same ISP can also tamper with the DNS responses even if you are using a private DNS, rendering the use of a private DNS service useless.


As a bonus, many devices and apps will use hardcoded DNS servers, bypassing any system setting you could set. This is for example the case with most (70%) Smart TVs and a large part (46%) of Game Consoles [34]. For these devices, you will have to force them to stop using their hardcoded DNS service and make them use your encrypted DNS service instead [35].


A solution to this is to use encrypted DNS using DoH (DNS over HTTPS [36]) or DoT (DNS over TLS [37]) with a private DNS server (this can be self-hosted locally with a solution like pi-hole [38], remotely hosted with a solution like nextdns.io, or using the solutions provided by your VPN provider or the Tor network). This should prevent your ISP or some go-between from snooping on your requests ... except it might not.
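As an added example (not code from the guide), the following Python script makes the two previous paragraphs concrete. It encodes a lookup in the plain DNS wire format a stub resolver sends over UDP port 53, shows how a passive on-path observer (ISP, hotspot owner, anyone with a tap) reads the queried name straight out of those bytes with no decryption at all, and then wraps the very same query into an RFC 8484 DNS-over-HTTPS GET request, where the path only sees a TLS connection to the resolver. The names looked up and the resolver hostname dns.example.net are constructed placeholders.

```python
import base64
import struct

# Constructed sample lookups, mirroring the guide's "somewebsite.com" example.
SAMPLE_NAMES = ["www.somewebsite.com", "www.google.com"]


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard A-record query in DNS wire format (RFC 1035), i.e. the
    bytes a stub resolver sends in clear text over UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN
    return header + question


def extract_qname(packet: bytes) -> str:
    """Read the queried name out of a raw query: no key, no decryption, just
    the label-length encoding. This is all a passive observer needs."""
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []                       # question starts right after the 12-byte header
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:                      # compression pointers never appear in a query QNAME
            raise ValueError("unexpected label pointer")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def observed_names(packets):
    """Snooping summary for a capture: every name the observer learned."""
    return [extract_qname(p) for p in packets]


def doh_get_url(packet: bytes, resolver: str = "https://dns.example.net/dns-query") -> str:
    """Wrap the same wire query into an RFC 8484 DoH GET request: the query
    travels as an unpadded base64url parameter inside TLS, so the path only
    shows a connection to the resolver. `resolver` is a placeholder hostname."""
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={encoded}"


if __name__ == "__main__":
    capture = [build_dns_query(n) for n in SAMPLE_NAMES]
    print("clear-text DNS, observer learns:", observed_names(capture))
    print("same query over DoH:", doh_get_url(capture[0]))
```

Run it as-is to see the names recovered from the raw packets; the DoH URL is what the browser would send to the resolver, and an observer without the TLS session keys sees neither the URL nor the name inside it.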


30 IEEE, https://ieeexplore.ieee.org/document/8418599 [Archive.org]

31 Wikipedia, DNS https://en.wikipedia.org/wiki/Domain_Name_System [Wikiless] [Archive.org]

32 Wikipedia, DNS Blocking https://en.wikipedia.org/wiki/DNS_blocking [Wikiless] [Archive.org]

33 CensoredPlanet https://censoredplanet.org/ [Archive.org]

34 ArXiv, Characterizing Smart Home IoT Traffic in the Wild https://arxiv.org/pdf/2001.08288.pdf [Archive.org]

35 Labzilla.io, Your Smart TV is probably ignoring your Pi-Hole https://labzilla.io/blog/force-dns-pihole [Archive.org]
36 Wikipedia, DNS over HTTPS: https://en.wikipedia.org/wiki/DNS_over_HTTPS [Wikiless] [Archive.org]

37 Wikipedia, DNS over TLS, https://en.wikipedia.org/wiki/DNS_over_TLS [Wikiless] [Archive.org]

38 Wikipedia, Pi-Hole https://en.wikipedia.org/wiki/Pi-hole [Wikiless] [Archive.org]
Small in-between disclaimer: This guide does not necessarily endorse or recommend Cloudflare services even if it is mentioned several times in this section for technical understanding.

Unfortunately, the TLS protocol used in most HTTPS connections in most browsers (Chrome/Brave among them) will leak the domain name again through SNI [39] (Server Name Indication; this can be checked here at Cloudflare: https://www.cloudflare.com/ssl/encrypted-sni/ [Archive.org]). As of the writing of this guide, only Firefox-based browsers support ECH [40] (Encrypted Client Hello, previously known as eSNI [41]) on some websites, which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party [42]. And this option is not enabled by default either, so you will have to enable it yourself.
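To make the SNI leak tangible, here is an added example (not from the guide) in Python that builds a minimal TLS ClientHello record carrying a server_name extension and then parses the name back out of the raw bytes, which is exactly what an on-path observer does: the ClientHello is the first message of the connection and is sent before any encryption exists. A second, constructed variant appends an encrypted_client_hello extension (type 0xfe0d, the codepoint used by the ECH drafts) so the parser only sees the public outer name of the fronting server; in a real ECH handshake the true destination is inside that encrypted payload, which is stood in for here by opaque random bytes because producing it needs the server's ECH public key. The hostnames are placeholders.

```python
import os
import struct
from typing import Optional

SNI_EXT = 0x0000   # server_name (RFC 6066)
ECH_EXT = 0xFE0D   # encrypted_client_hello (draft-ietf-tls-esni codepoint)


def build_client_hello(server_name: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Constructed, minimal TLS record carrying a ClientHello with an SNI
    extension. With ech_payload set, an ECH extension is appended the way an
    ECH-enabled client sends a public "outer" name plus an encrypted inner hello.
    Enough structure for parsing demos; not a complete handshake message."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", SNI_EXT, len(sni_list)) + sni_list
    if ech_payload is not None:
        extensions += struct.pack("!HH", ECH_EXT, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03" + os.urandom(32)                  # legacy_version + 32-byte random
        + b"\x00"                                     # empty legacy_session_id
        + struct.pack("!H", 2) + b"\x13\x01"          # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                                 # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """What an on-path observer learns from the first packet of an HTTPS
    connection, before any encryption: the plaintext server_name, and whether
    an ECH extension is present (in which case that name is only the public
    outer name of the fronting server, not the real destination)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                    # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                  # legacy_session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + record[pos]                  # compression_methods
    ext_end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    result = {"sni": None, "ech": False}
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        if ext_type == SNI_EXT:
            # ServerNameList: 2-byte list length, 1-byte name_type, 2-byte name length, name
            name_len = struct.unpack("!H", record[pos + 3:pos + 5])[0]
            result["sni"] = record[pos + 5:pos + 5 + name_len].decode("ascii")
        elif ext_type == ECH_EXT:
            result["ech"] = True
        pos += ext_len
    return result


if __name__ == "__main__":
    plain = build_client_hello("somewebsite.com")
    print("without ECH ->", parse_client_hello(plain))
    # With ECH the client puts the fronting provider's public name in server_name;
    # the real destination lives in the encrypted payload (opaque bytes here).
    fronted = build_client_hello("public-name.cdn.example", ech_payload=os.urandom(48))
    print("with ECH    ->", parse_client_hello(fronted))
```

The same parsing logic is what DPI boxes use to block by hostname, which is why the later paragraph about Russia and China blocking ECH handshakes matters: an observer that cannot read the name can still see that ECH is in use and simply drop the connection.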





(Diagram: three panels comparing what a third party can see between the client, the DNS server and somewebsite.com. "HTTPS with Unencrypted DNS and without ECH": the DNS request/response and the Client Hello are unencrypted; only the HTTPS request/response is encrypted. "HTTPS with Encrypted DNS without ECH": the DNS exchange is encrypted, but the Client Hello still is not. "HTTPS with Encrypted DNS and ECH": the DNS exchange, the Client Hello and the HTTPS traffic are all encrypted.)





In addition to browser support, the website (or the CDN [43] it is behind) must support ECH/eSNI as well, and at this stage [44] most do not. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as:

- Amazon (including AWS, Twitch...)
- Microsoft (including Azure, OneDrive, Outlook, Office 365...)
- Google (including Gmail, Google Cloud...)
- Apple (including iCloud, iMessage...)
- Reddit





39 Wikipedia, SNI https://en.wikipedia.org/wiki/Server_Name_Indication [Wikiless] [Archive.org]
40 Wikipedia, ECH https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello [Wikiless] [Archive.org]
41 Wikipedia, eSNI https://en.wikipedia.org/wiki/Server_Name_Indication [Wikiless] [Archive.org]

42 Usenix.org, On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention https://www.usenix.org/system/files/foci19-paper_chai_update.pdf [Archive.org]

43 Wikipedia, CDN https://en.wikipedia.org/wiki/Content_delivery_network [Wikiless] [Archive.org]
44 Cloudflare, Good-bye ESNI, hello ECH! https://blog.cloudflare.com/encrypted-client-hello/ [Archive.org]
- YouTube
- Facebook
- Instagram
- Twitter
- GitHub
- ...


Some countries like Russia*® and China*® might (unverified despite the articles) block ECH/eSNI handshakes at the 
network level to allow snooping and prevent bypassing censorship. Meaning you will not be able to establish an 
HTTPS connection with a service if you do not allow them to see what it was. 


The issues do not end here. Part of the HTTPS TLS validation is called OCSP [47], and this protocol, as used by Firefox-based browsers, will leak metadata in the form of the serial number of the certificate of the website you are visiting. An adversary can then easily find which website you are visiting by matching the certificate number [48]. This issue can be mitigated by using OCSP stapling [49]. Unfortunately, this is enabled but not enforced by default in Firefox/Tor Browser, and the website you are visiting must also support it, which not all do. Chromium-based browsers on the other hand use a different system called CRLSets [50][51], which is arguably better.


Here is a list of how various browsers behave with OCSP: https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/ [Archive.org]


Here is an illustration of the issue you could encounter on Firefox-based browsers: 


[Figure: Simple OCSP vs OCSP Stapling, showing the DNS Server, somewebsite.com, and the OCSP Responder in each case]





45 ZDNET, Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI
https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/ [Archive.org]

46 ZDNET, China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI
https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ [Archive.org]

47 Wikipedia, OCSP https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol [Wikiless] [Archive.org]

48 Madaidans Insecurities, Why encrypted DNS is ineffective https://madaidans-insecurities.github.io/encrypted-dns.html
[Archive.org]

49 Wikipedia, OCSP Stapling https://en.wikipedia.org/wiki/OCSP_stapling [Wikiless] [Archive.org]

50 Chromium Documentation, CRLSets https://dev.chromium.org/Home/chromium-security/crlsets [Archive.org]

51 ZDNET, Chrome does certificate revocation better https://www.zdnet.com/article/chrome-does-certificate-revocation-better/
[Archive.org]
Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it
might still not be enough as traffic analysis studies⁵² have shown it is still possible to reliably fingerprint and block
unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can
still be defeated by other means (see Your Anonymized Tor/VPN traffic).


One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS⁵³) to further increase
privacy/anonymity but unfortunately, as far as I know, these methods are only provided by Cloudflare as of this
writing (https://blog.cloudflare.com/welcome-hidden-resolver/ [Archive.org], https://blog.cloudflare.com/oblivious-dns/
[Archive.org]). These are workable and reasonably secure technical options but there is also a moral choice if you want to
use Cloudflare or not (despite the risk posed by some researchers⁵⁴).


Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also
further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See
https://github.com/alecmuffett/dohot [Archive.org]. This guide will not help you with this one at this stage, but it might
be coming soon.


Here is an illustration showing the current state of DNS and HTTPS privacy based on my current knowledge. 


52 KUL, Encrypted DNS==>Privacy? A Traffic Analysis Perspective
https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf [Archive.org]

53 ResearchGate, Oblivious DNS: Practical Privacy for DNS Queries
https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries [Archive.org]

54 Nymity.ch, The Effect of DNS on Tor's Anonymity https://nymity.ch/tor-dns/ [Archive.org]
[Figure: current state of DNS and HTTPS privacy; each setup is marked against DNS Traffic Fingerprinting, Web Traffic Fingerprinting, and the Unencrypted Client Hello request to the Service]


As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly
eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage. If you prefer a
Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly
Translation), then I would recommend the use of Brave instead which supports all Chrome extensions and offers
much better privacy than Chrome.


But the story does not stop there. Even after all this, even if you encrypt your DNS and use all possible
mitigations, simple IP requests to any server will probably allow an adversary to still detect which site you are
visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here:
https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/ [Archive.org]. This means that an adversary
can create a dataset of known websites for instance including their IPs and then match this dataset against the IP
you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite
OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS... an adversary can still guess the website you are
visiting anyway.


Therefore, to mitigate all these issues (as much as possible and as best as we can), this guide will later recommend
two solutions: Using Tor and a virtualized (See Appendix W: Virtualization) multi-layered solution of VPN over Tor
(DNS over VPN over Tor or DNS over Tor). Other options will also be explained (Tor over VPN, VPN only, No
Tor/VPN) but are less recommended.


Your RFID enabled devices: 

RFID stands for Radio-frequency identification; it is the technology used for instance for contactless payments and
various identification systems. Of course, your smartphone is among those devices and has RFID contactless
payment capabilities through NFC⁵⁶. As with everything else, such capabilities can be used for tracking by various
actors.


Besides your smartphone, you are probably carrying some type of RFID enabled
device with you all the time such as:

• Your contactless-enabled credit/debit cards

• Your store loyalty cards

• Your transportation payment cards

• Your work-related access cards

• Your car keys

• Your national ID or driver license

• Your passport

• The price/anti-theft tags on object/clothing


While all these cannot be used to de-anonymize you from a remote online adversary, they can be used to narrow
down a search if your approximate location at a certain time is known. For instance, you cannot rule out that some
stores will effectively scan (and log) all RFID chips passing through the door. They might be looking for their loyalty
cards but are also logging others along the way. Such RFID tags could be traced to your identity and allow for de-
anonymization.


More information over at Wikipedia: https://en.wikipedia.org/wiki/Radio-frequency_identification#Security_concerns
[Wikiless] [Archive.org] and https://en.wikipedia.org/wiki/Radio-frequency_identification#Privacy [Wikiless] [Archive.org]


The only way to mitigate this problem is to have no RFID tags on you or to shield them using a type of Faraday
cage. You could also use specialized wallets/pouches that specifically block RFID communications. Many of those are
now made by well-known brands such as Samsonite⁵⁷. You should just not carry such RFID devices while conducting
sensitive activities.


55 Wikipedia, RFID https://en.wikipedia.org/wiki/Radio-frequency_identification [Wikiless] [Archive.org]
56 Wikipedia, NFC https://en.wikipedia.org/wiki/Near-field_communication [Wikiless] [Archive.org]


57 Samsonite Online Shop, RFID accessories, https://shop.samsonite.com/accessories/rfid-accessories/ [Archive.org]
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See Appendix N: Warning about smartphones and smart devices 


The Wi-Fi and Bluetooth devices around you: 

Geolocation is not only done by using mobile antenna triangulation. It is also done using the Wi-Fi and Bluetooth
devices around you. Operating systems makers like Google (Android⁵⁸) and Apple (iOS⁵⁹) maintain a convenient
database of most Wi-Fi access points, Bluetooth devices, and their location. When your Android smartphone or
iPhone is on (and not in Airplane mode), it will actively scan (unless you specifically disable this feature in the settings)
for Wi-Fi access points and Bluetooth devices around you and will be able to geolocate you with more precision than
when using a GPS.


This active and continuous probing can then be sent back to Google/Apple/Microsoft as part of their Telemetry. The
issue is that this probing is unique and can be used to uniquely identify a user and track such a user. Shops, for
example, can use this technique to fingerprint customers including when they return, where they go in the shop and
how long they stay at a particular place. There are several papers⁶⁰ ⁶¹ ⁶² and articles describing this issue in depth.


This allows them to provide accurate locations even when GPS is off, but it also allows them to keep a convenient 
record of all Wi-Fi Bluetooth devices all over the world. Which can then be accessed by them or third parties for 
tracking. 


Note: If you have an Android smartphone, Google probably knows where it is no matter what you do. You cannot 
really trust the settings. The whole operating system is built by a company that wants your data. Remember that if it 
is free then you are the product. 


But that is not all those Wi-Fi access points can do. Recently developed technologies could even allow someone to
track your movements accurately just based on radio interferences. What this means is that it is possible to track
your movement inside a room/building based on the radio signals passing through. This might seem like a tinfoil hat
conspiracy theory claim but here are the references⁶³ with demonstrations showing this tech in action:
http://rfpose.csail.mit.edu/ [Archive.org] and the video here: https://www.youtube.com/watch?v=HgDdaMy8KNE [Invidious]


Other researchers have found a way to count the people in a defined space using only Wi-Fi, see
https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you [Archive.org]


You could therefore imagine many use cases for such technologies like recording who enters specific 
buildings/offices (hotels, hospitals, or embassies for instance) and then discover who meets who and thereby 
tracking them from outside. Even if they have no smartphone on them. 


58 Google Android Help, Android Location Services https://support.google.com/accounts/answer/3467281?hl=en [Archive.org]
59 Apple Support, Location Services and Privacy https://support.apple.com/en-us/HT207056 [Archive.org]

60 International Conference on Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital fingerprints for indoor
localization http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf [Archive.org]

61 Southeast University of Nanjing, Probe Request Based Device Identification Attack and Defense
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/ [Archive.org]

62 Medium.com, The Perils of Probe Requests https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5 [Scribe.rip]
[Archive.org]

63 State University of New York, Towards 3D Human Pose Construction Using Wi-Fi
https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf [Archive.org]
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Again, such an issue could only be mitigated by being in a room/building that would act as a Faraday cage. 


Here is another video of the same kind of tech in action: https://www.youtube.com/watch?v=FDZ39h-kCS8 [Invidious]
See Appendix N: Warning about smartphones and smart devices 


There is not much you can do about these. Besides being non-identifiable in the first place. 


Your Malicious/Rogue Wi-Fi Access Points:

These have been used at least since 2008 using an attack called "Jasager"⁶⁴ and can be done by anyone using self-
built tools or using commercially available devices such as Wi-Fi Pineapple⁶⁵.


Here are some videos explaining more about the topic:
• HOPE 2020, https://archive.org/details/hopeconf2020/20200725_1800_Advanced_Wi-Fi_Hacking_With_%245_Microcontrollers.mp4
• YouTube, Hak5, Wi-Fi Pineapple Mark VII https://www.youtube.com/watch?v=7v3JR4WIw4Q [Invidious]


These devices can fit in a small bag and can take over the Wi-Fi environment of any place within their range. For
instance, a Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients to disconnect from their current
Wi-Fi (using de-authentication, disassociation attacks⁶⁶) while spoofing the normal Wi-Fi networks at the same
location. They will continue to perform this attack until your computer or you decide to try to connect to the rogue
AP.


These devices can then mimic a captive portal⁶⁷ with the exact same layout as the Wi-Fi you are trying to access (for
instance an Airport Wi-Fi registration portal). Or they could just give you unrestricted internet access that they will
themselves get from the same place.


Once you are connected through the Rogue AP, this AP will be able to execute various man-in-the-middle attacks to 
perform analysis on your traffic. These could be malicious redirections or simple traffic sniffing. These can then easily 
Kol=ValuhavarclaNvacel {=Valmda-1anyZol0) (eco) allatsir-] alecM ava Kem oo) al a\-(ol mmo m-WAVA'd\ X-) aV(-) exo) and a\=Wa Ko) am N=) a),V0) ae 


64 Digi.Ninja, Jasager https://digi.ninja/jasager/ [Archive.org]


65 Hak5 Shop, Wi-Fi Pineapple https://shop.hak5.org/products/wifi-pineapple [Archive.org]


66 Wikipedia, Deauthentication Attack https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack [Wikiless] [Archive.org]


67 Wikipedia, Captive Portal https://en.wikipedia.org/wiki/Captive_portal [Wikiless] [Archive.org]
This can be useful when you know someone you want to de-anonymize is in a crowded place, but you do not know
who. This would allow such an adversary to possibly fingerprint any website you visit despite the use of HTTPS, DoT,
DoH, ODoH, VPN, or Tor using traffic fingerprinting as explained above in the DNS section.


These can also be used to carefully craft and serve you advanced phishing webpages that would harvest your 
credentials or try to make you install a malicious certificate allowing them to see your encrypted traffic. 


How to mitigate those? If you do connect to a public Wi-Fi access point, use Tor, or use a VPN and then Tor (Tor over
VPN) or even (VPN over Tor) to obfuscate your traffic from the rogue AP while still using it.


Your Anonymized Tor/VPN traffic: 

Tor and VPNs are not silver bullets. Many advanced techniques have been developed and studied to de-anonymize
encrypted Tor traffic over the years⁶⁸. Most of those techniques are Correlation attacks that will correlate your
network traffic in one way or another to logs or datasets. Here are some examples:

• Correlation Fingerprinting Attack: As illustrated (simplified) below, this attack will fingerprint your
encrypted Tor traffic (like the websites you visited) based on the analysis of your encrypted traffic without
decrypting it. Some of those methods can do so with a 96% success rate in a closed-world setting. The
efficacy of those methods in a real open-world setting has not been demonstrated yet and would probably
require tremendous computing resources, making it very unlikely that such techniques would be
used by a local adversary in the near future. Such techniques could however hypothetically be used by an
advanced and probably global adversary with access to your source network to determine some of your
activity. Examples of those attacks are described in several research papers⁶⁹ ⁷⁰ ⁷¹ as well as their
limitations⁷². The Tor Project itself published an article about these attacks with some mitigations:
https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations [Archive.org].


68 HackerFactor Blog, Deanonymizing Tor Circuits
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html [Archive.org]

69 KU Leuven, Website Fingerprinting through Deep Learning https://distrinet.cs.kuleuven.be/software/tor-wf-dl/ [Archive.org]

70 KU Leuven, Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf [Archive.org]

71 Internet Society, Website Fingerprinting at Internet Scale
https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf [Archive.org]

72 KU Leuven, A Critical Evaluation of Website Fingerprinting Attacks
https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf [Archive.org]
• Correlation Timing Attacks: As illustrated (simplified) below, an adversary that has access to network
connection logs (IP or DNS for instance, remember that most VPN servers and most Tor nodes are known
and publicly listed) at the source and the destination could correlate the timings to de-anonymize you
without requiring any access to the Tor or VPN network in between. A real use case of this technique was
done by the FBI in 2013 to de-anonymize⁷³ a bomb threat hoax at Harvard University.


73 DailyDot, How Tor helped catch the Harvard bomb threat suspect | 
• Correlation Counting Attacks: As illustrated (simplified) below, an adversary that has no access to detailed
connection logs (cannot see that you used Tor or Netflix) but has access to data counting logs could see that
you have downloaded 600MB on a specific time/date that matches the 600MB upload at the destination.
This correlation can then be used to de-anonymize you over time.

There are ways to mitigate these such as:

• Do not use Tor/VPNs to access services that are on the same network (ISP) as the destination service. For
example, do not connect to Tor from your University Network to access a University Service anonymously.
Instead, use a different source point (such as a public Wi-Fi) that cannot be correlated easily by an adversary.

• Do not use Tor/VPN from an obviously heavily monitored network (such as a corporate/governmental
network) but instead try to find an unmonitored network such as a public Wi-Fi or a residential Wi-Fi.

• Consider the use of multiple layers (such as what will be recommended in this guide later: VPN over Tor) so
that an adversary might be able to see that someone connected to the service through Tor but will not be
able to see that it was you because you were connected to a VPN and not the Tor Network.


Be aware again that this might not be enough against a motivated global adversary⁷⁴ with wide access to global mass
surveillance. Such an adversary might have access to logs no matter where you are and could use those to de-
anonymize you. Usually, these attacks are part of what is called a Sybil Attack⁷⁵. These adversaries are out of the
scope of this guide.


Be also aware that all the other methods described in this guide such as Behavioral analysis can also be used to 
deanonymize Tor users indirectly (see further Your Digital Fingerprint, Footprint, and Online Behavior). 


I also strongly recommend reading this very good, complete, and thorough (and more detailed) guide on most
known Attack Vectors on Tor: https://github.com/Attacks-on-Tor/Attacks-on-Tor [Archive.org] as well as this recent
research publication
https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research [Archive.org]


As well as this great series of blog posts: https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html [Archive.org]


Recently, one of these attacks was attempted on the Tor Network with more information here:
https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/ [Archive.org]


Lastly, do remember that using Tor can already be considered suspicious activity⁷⁶, and its use could be considered
malicious by some⁷⁷.


This guide will later propose some mitigations to such attacks by changing your origin from the start (using public
Wi-Fis for instance). Remember that such attacks are usually carried out by highly skilled, highly resourceful, and
motivated adversaries and are out of scope for this guide.


Disclaimer: it should also be noted that Tor is not designed to protect against a global adversary. For more
information see https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf [Archive.org] and
specifically, "Part 3. Design goals and assumptions.".


Some Devices can be tracked even when offline:
You have seen this in action/spy/Sci-Fi movies and shows: the protagonists always remove the battery of their
phones to make sure it cannot be used. Most people would think that's overkill. Well, unfortunately, no, this is now
becoming true at least for some devices:

• iPhones and iPads (iOS 13 and above)⁷⁸ ⁷⁹


74 ArsTechnica, How the NSA can break trillions of encrypted Web and VPN connections
https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ [Archive.org]

75 Wikipedia, Sybil Attack https://en.wikipedia.org/wiki/Sybil_attack [Wikiless] [Archive.org]

76 ArsTechnica, Does Tor provide more benefit or harm? New paper says it depends
https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/ [Archive.org]
77 ResearchGate, The potential harms of the Tor anonymity network cluster disproportionately in free countries
https://www.pnas.org/content/early/2020/11/24/2011893117 [Archive.org]

78 CryptoEngineering, How does Apple (privately) find your offline devices?
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ [Archive.org]
79 Apple Support https://support.apple.com/en-us/HT210515 [Archive.org]
• Samsung Phones (Android 10 and above)⁸⁰
• MacBooks (macOS 10.15 and above)⁸¹


Such devices will continue to broadcast identity information to nearby devices even when offline using Bluetooth
Low-Energy⁸². They do not have access to the devices directly (which are not connected to the internet) but instead
use BLE to find them through other nearby devices⁸³. They are using peer-to-peer short-range Bluetooth
communication to broadcast their status through nearby online devices.


They could now find such devices and keep the location in some database that could then be used by third parties or
themselves for various purposes (including analytics, advertising, or evidence/intelligence gathering).


See Appendix N: Warning about smartphones and smart devices


TLDR: Do not take such devices with you when conducting sensitive activities. 


Your Hardware Identifiers: 


Your IMEI and IMSI (and by extension, your phone number): 
The IMEI (International Mobile Equipment Identity⁸⁴) and the IMSI (International Mobile Subscriber Identity⁸⁵) are
unique numbers created by cell phone manufacturers and cell phone operators.


The IMEI is tied directly to the phone you are using. This number is known and tracked by the cell phone operators
and known by the manufacturers. Every time your phone connects to the mobile network, it will register the IMEI on
the network along with the IMSI (if a SIM card is inserted but that is not even needed). It is also used by many
applications (Banking apps abusing the phone permission on Android for instance⁸⁶) and smartphone Operating
Systems⁸⁷ (Android/iOS) for identification of the device. It is possible but difficult (and not illegal in many
jurisdictions⁸⁸) to change the IMEI on a phone but it is probably easier and cheaper to just find and buy some old
(working) Burner phone for a few Euros (this guide is for Germany remember) at a flea market or some random
small shop.


The IMSI is tied directly to the mobile subscription or pre-paid plan you are using and is tied to your phone number 
by your mobile provider. The IMSI is hardcoded directly on the SIM card and cannot be changed. Remember that 
every time your phone connects to the mobile network, it will also register the IMSI on the network along with the 
IMEI. Like the IMEI, the IMSI is also being used by some applications and smartphone Operating systems for 
identification and is being tracked. Some countries in the EU for instance maintain a database of IMEI/IMSI 
associations for easy querying by Law Enforcement. 


Today, giving away your (real) phone number is the same or better than giving away your Social Security 
number/Passport ID/National ID. 


The IMEI and IMSI can be traced back to you in at least six ways:
• The mobile operator subscriber logs will usually store the IMEI along with the IMSI and their subscriber
information database. If you use a prepaid anonymous SIM (anonymous IMSI but with a known IMEI), they


80 XDA, Samsung's Find My Mobile app can locate Galaxy devices even when they're offline
https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/ [Archive.org]

81 Apple Support, If your Mac is lost or stolen https://support.apple.com/en-us/HT204756 [Archive.org]

82 Wikipedia, BLE https://en.wikipedia.org/wiki/Bluetooth_Low_Energy [Wikiless] [Archive.org]

83 Cryptography Engineering, How does Apple (privately) find your offline devices?
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ [Archive.org]


84 Wikipedia, IMEI https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity [Wikiless] [Archive.org]


85 Wikipedia, IMSI https://en.wikipedia.org/wiki/International_mobile_subscriber_identity [Wikiless] [Archive.org]
86 Android Documentation, Device Identifiers https://source.android.com/devices/tech/config/device-identifiers [Archive.org]
87 Google Privacy Policy, Look for IMEI https://policies.google.com/privacy/embedded?hl=en-US [Archive.org]


88 Wikipedia, IMEI and the Law https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#IMEI_and_the_law
[Wikiless] [Archive.org]
could see this cell belongs to you if you used that cell phone before with a different SIM card (different
anonymous IMSI but same known IMEI).

• The mobile operator antenna logs will conveniently keep a log of which IMEI and IMSI connected, along with some
connection data. They know and log for instance that a phone with this IMEI/IMSI combination connected to
a set of Mobile antennas and how powerful the signal to each of those antennas was, allowing easy
triangulation/geolocation of the signal. They also log which other phones (your real one for instance)
connected at the same time to the same antennas with the same signal which would make it possible to
know precisely that this “burner phone” was always connected at the same place/time as this other
“known phone” which shows up every time the burner phone is being used. This information can be used by
various third parties to geolocate/track you quite precisely⁸⁹ ⁹⁰.

• The manufacturer of the Phone can trace back the sale of the phone using the IMEI if that phone was bought
in a non-anonymous way. Indeed, they will have logs of each phone sale (including serial number and IMEI),
to which shop/person to whom it was sold. And if you are using a phone that you bought online (or from
someone that knows you), it can be traced to you using that information. Even if they do not find you on
CCTV⁹¹ and you bought the phone using cash, they can still find what other phone (your real one in your
pocket) was there (in that shop) at that time/date by using the antenna logs.

• The IMSI alone can be used to find you as well because most countries now require customers to provide an
ID when buying a SIM card (subscription or pre-paid). The IMSI is then tied to the identity of the buyer of the
card. In the countries where the SIM can still be bought with cash (like the UK), they still know where (which
shop) it was bought and when. This information can then be used to retrieve information from the shop
itself (such as CCTV footage as for the IMEI case). Or again the antenna logs can also be used to figure out
which other phone was there at the moment of the sale.

• The smartphone OS makers (Google/Apple for Android/iOS) also keep logs of IMEI/IMSI identifications tied
to Google/Apple accounts and which user has been using them. They too can trace back the history of the
phone and to which accounts it was tied in the past⁹².

• Government agencies around the world interested in your phone number can and do use⁹³ special devices
called “IMSI catchers”⁹⁴ like the Stingray⁹⁵ or more recently the Nyxcell⁹⁶. These devices can impersonate (to
spoof) a cell phone Antenna and force a specific IMSI (your phone) to connect to it to access the cell
network. Once they do, they will be able to use various MITM⁹⁷ (Man-In-The-Middle Attacks) that will allow
them to:

    o Tap your phone (voice calls and SMS).

    o Sniff and examine your data traffic.

    o Impersonate your phone number without controlling your phone.

    o ...

Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base
Stations in Real-Time https://www.youtube.com/watch?v=siCk4pGGcqA [Invidious]


89 Bellingcat, The GRU Globetrotters: Mission London
https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/ [Archive.org]

90 Bellingcat, "V" For "Vympel": FSB's Secretive Department "V" Behind Assassination Of Georgian Asylum Seeker In Germany
https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/ [Archive.org]

91 Wikipedia, CCTV https://en.wikipedia.org/wiki/Closed-circuit_television [Wikiless] [Archive.org]

92 Apple, Transparency Report, Device Requests https://www.apple.com/legal/transparency/device-requests.html [Archive.org]

93 The Intercept, How Cops Can Secretly Track Your Phone
https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/ [Tor Mirror] [Archive.org]

94 Wikipedia, IMSI Catcher https://en.wikipedia.org/wiki/IMSI-catcher [Wikiless] [Archive.org]

95 Wikipedia, Stingray https://en.wikipedia.org/wiki/Stingray_phone_tracker [Wikiless] [Archive.org]

96 Gizmodo, Cops Turn to Canadian Phone-Tracking Firm After Infamous 'Stingrays' Become 'Obsolete'
https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778 [Archive.org]


97 Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack [Wikiless] [Archive.org]
For these reasons, it is crucial to get a dedicated anonymous phone number and/or an anonymous burner phone 
with an anonymous pre-paid SIM card that is not tied to you in any way (past or present) for conducting sensitive 
activities (see more practical guidance in the Getting an anonymous Phone number section). 


While there are some smartphone manufacturers like Purism with their Librem series98 who claim to have your 
privacy in mind, they still do not allow IMEI randomization, which I believe is a key anti-tracking feature that should 
be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would 
at least allow you to keep the same “burner phone” and only switch SIM cards instead of having to switch both for 
privacy. 


See Appendix N: Warning about smartphones and smart devices 


Your Wi-Fi or Ethernet MAC address: 

The MAC address99 is a unique identifier tied to your physical network interface (wired Ethernet or Wi-Fi) and could 
of course be used to track you if it is not randomized. As was the case with the IMEI, manufacturers of computers 
and network cards usually keep logs of their sales (usually including things like serial number, IMEI, MAC addresses, 
...) and it is again possible for them to track where and when the computer with the MAC address in question was 
sold and to whom. Even if you bought it with cash in a supermarket, the supermarket might still have CCTV (or a 
CCTV just outside that shop) and again the time/date of sale could be used to find out who was there using the 
mobile provider antenna logs at that time (IMEI/IMSI). 


Operating system makers (Google/Microsoft/Apple) will also keep logs of devices and their MAC addresses in their 
logs for device identification (“Find my device” type services). Apple can tell that the MacBook with this 
specific MAC address was tied to a specific Apple Account before. Maybe yours, before you decided to use the 
MacBook for sensitive activities. Maybe a different user who sold it to you but remembers your e-mail/number 
from when the sale happened. 


Your home router/Wi-Fi access point keeps logs of devices that are registered on the Wi-Fi, and these can be 
accessed too to find out who has been using your Wi-Fi. Sometimes this can be done remotely (and silently) by the 
ISP depending on if that router/Wi-Fi access point is being “managed” remotely by the ISP (which is often the case 
when they provide the router to their customers). 


Some commercial devices will keep a record of MAC addresses roaming around for various purposes such as road 
congestion100. 


So, it is important again not to bring your phone along when/where you conduct sensitive activities. If you use 
your own laptop, then it is crucial to hide that MAC address (and Bluetooth address) anywhere you use it and be 
extra careful not to leak any information. Thankfully, many recent OSes now feature or allow the possibility to 
randomize MAC addresses (Android, iOS, Linux, and Windows 10), with the notable exception of macOS, which does 
not support this feature even in its latest Big Sur version. 


See Appendix N: Warning about smartphones and smart devices 


Your Bluetooth MAC address: 

Your Bluetooth MAC is like the earlier MAC address except it is for Bluetooth. Again, it can be used to track you, as 
manufacturers and operating system makers keep logs of such information. It could be tied to a sale place/time/date 
or to accounts, and then used to track you by correlating it with CCTV footage and 
the mobile antenna logs. 


Operating systems have protections in place to randomize those addresses but are still subject to vulnerabilities101. 


98 Purism, Librem 5 https://shop.puri.sm/shop/librem-5/ [Archive.org] 

99 Wikipedia, MAC Address https://en.wikipedia.org/wiki/MAC_address [Wikiless] [Archive.org] 

100 Acyclica Road Trend Product Sheet, https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf [Archive.org] 
For this reason, and unless you really need those, you should just disable Bluetooth completely in the BIOS/UEFI 
settings if possible or in the operating system otherwise. 


On Windows 10, you will need to disable and enable the Bluetooth device in the device manager itself to force 
randomization of the address for next use and prevent tracking. 


In general, this should not be too much of a concern compared to MAC Addresses. BT Addresses are randomized 
quite often. 


See Appendix N: Warning about smartphones and smart devices 


Your CPU: 


All modern CPUs102 are now integrating hidden management platforms such as the now infamous Intel Management 
Engine103 and the AMD Platform Security Processor104. 


Those management platforms are small operating systems running directly on your CPU for as long as it has power. 
These systems have full access to your computer’s network and could be accessed by an adversary to de-anonymize 
you in various ways (using direct access or using malware, for instance), as shown in this enlightening video: BlackHat, 
How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine 
https://www.youtube.com/watch?v=mYsTBPaqbyas [Invidious] 


These have already been affected by several security vulnerabilities in the past105 that allowed malware to gain 
control of target systems. These are also accused by many privacy actors, including the EFF and Libreboot, of being a 
backdoor into any system106. 


There are some not so straightforward ways107 to disable the Intel IME on some CPUs, and you should do so if you 
can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP. 


Note that, in AMD’s defense, so far and AFAIK there were no security vulnerabilities found for ASP and no backdoors 
either: see https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s [Invidious]. In addition, AMD PSP does not 
provide any remote management capabilities, contrary to Intel IME. 


If you are feeling a bit more adventurous, you could install your own BIOS using Libreboot108 or Coreboot 
if your laptop supports it (be aware that Coreboot does contain some proprietary code, unlike its 
fork Libreboot). 


In addition, some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here 
is a good current list of such vulnerabilities affecting recent widespread CPUs: 
https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability [Wikiless] [Archive.org] 


Check yourself: 


101 ResearchGate, Tracking Anonymized Bluetooth Devices https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf [Archive.org] 

102 Wikipedia, CPU https://en.wikipedia.org/wiki/Central_processing_unit [Wikiless] [Archive.org] 

103 Wikipedia, Intel Management Engine https://en.wikipedia.org/wiki/Intel_Management_Engine [Wikiless] [Archive.org] 

104 Wikipedia, AMD Platform Security Processor https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor [Wikiless] [Archive.org] 

105 Wikipedia, IME, Security Vulnerabilities https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities [Wikiless] [Archive.org] 

106 Wikipedia, IME, Assertions that ME is a backdoor https://en.wikipedia.org/wiki/Intel_Management_Engine#Assertions_that_ME_is_a_backdoor [Wikiless] [Archive.org] 

107 Wikipedia, IME, Disabling the ME https://en.wikipedia.org/wiki/Intel_Management_Engine#Disabling_the_ME [Wikiless] [Archive.org] 

108 Libreboot, https://libreboot.org/ [Archive.org] 
- If you are using Linux, you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by 
using https://github.com/speed47/spectre-meltdown-checker [Archive.org], which is available as a package for 
most Linux distributions including Whonix. 

- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre 
https://www.grc.com/inspectre.htm [Archive.org] 
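On Linux, the kernel itself publishes one status file per transient-execution issue under /sys/devices/system/cpu/vulnerabilities/, which is one of the sources such checker tools consult. The following is an added example (not part of this guide and not the spectre-meltdown-checker project's code): a small standalone Python check that reads those files and turns them into a single verdict. The SAMPLE dictionary is constructed in the kernel's reporting format for illustration, not captured from a real machine.

```python
"""Added example (not from the guide): summarize the Linux kernel's own
transient-execution vulnerability reporting, exposed as one text file per
issue under /sys/devices/system/cpu/vulnerabilities/."""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def classify(status: str) -> str:
    """Map one sysfs status line to a coarse verdict.

    Kernel wording seen in these files: "Not affected", "Mitigation: ...",
    "Vulnerable", "Vulnerable: ...", "Unknown: ...", and for itlb_multihit
    a "KVM: Mitigation: ..." / "KVM: Vulnerable" prefix.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not-affected"
    if s.startswith("Vulnerable") or ": Vulnerable" in s:
        return "vulnerable"
    if "Mitigation:" in s:
        return "mitigated"
    return "unknown"


def summarize(entries: dict) -> dict:
    """entries maps file name -> file contents; returns name -> (verdict, status)."""
    return {name: (classify(text), text.strip()) for name, text in sorted(entries.items())}


def worst_verdict(summary: dict) -> str:
    """Single headline verdict: the worst one present, in this order."""
    for verdict in ("vulnerable", "unknown", "mitigated", "not-affected"):
        if any(v == verdict for v, _ in summary.values()):
            return verdict
    return "not-affected"  # nothing reported at all (old kernel or non-Linux)


def read_sysfs(directory: Path = SYSFS_DIR) -> dict:
    """Read the real files; empty dict when the interface is absent."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text() for p in directory.iterdir() if p.is_file()}


# Constructed sample in the kernel's format (not captured from a real machine).
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, STIBP: conditional, RSB filling\n",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n",
    "tsx_async_abort": "Not affected\n",
    "itlb_multihit": "KVM: Mitigation: VMX disabled\n",
    "srbds": "Unknown: Dependent on hypervisor status\n",
}

if __name__ == "__main__":
    data = read_sysfs() or SAMPLE  # fall back to the sample when not on Linux
    report = summarize(data)
    for name, (verdict, status) in report.items():
        print(f"{name:18} {verdict:13} {status}")
    print("overall:", worst_verdict(report))
```

A single "vulnerable" line (as with the mds entry of the sample, where the microcode update is missing) is what matters, which is why the overall verdict takes the worst case rather than a majority. The "Unknown" wording appears inside guests whose hypervisor hides the real state, which is the situation the VM advice below is about.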


Some of these can be avoided using virtualization software settings that can mitigate such exploits. See this guide 
for more information https://www.whonix.org/wiki/Spectre_Meltdown [Archive.org] (warning: these can severely impact 
the performance of your VMs). 


I will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a 
dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. 


In addition, I will recommend the use of AMD CPUs vs Intel CPUs. 


Your Operating Systems and Apps telemetry services: 

Whether it is Android, iOS, Windows, macOS, or even Ubuntu, most popular operating systems now collect 
telemetry information by default even if you never opted in or opted out from the start. Some, like Windows, will not 
even allow disabling telemetry completely without some technical tweaks. This information collection can be 
extensive and include a staggering number of details (metadata and data) on your devices and their usage. 


Here are good overviews of what is being collected by those five popular OSes in their latest versions: 

- Android/Google: 
  - Just have a read of their privacy policy https://policies.google.com/privacy [Archive.org] 
  - School of Computer Science & Statistics, Trinity College Dublin, Ireland, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf [Archive.org] 

- iOS/Apple: 
  - More information at https://www.apple.com/legal/privacy/en-ww/ [Archive.org] and https://support.apple.com/en-us/HT202100 [Archive.org] 
  - School of Computer Science & Statistics, Trinity College Dublin, Ireland, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf [Archive.org] 
  - Apple does claim109 that they anonymize this data using differential privacy110, but you will have to trust them on that. 

- Windows/Microsoft: 
  - Full list of required diagnostic data: https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004 [Archive.org] 
  - Full list of optional diagnostic data: https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data [Archive.org] 

- macOS: 
  - More details at https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac [Archive.org] 

- Ubuntu: 
  - Ubuntu, despite being a Linux distribution, also collects telemetry data nowadays. This data however is quite limited compared to the others. More details at https://ubuntu.com/desktop/statistics [Archive.org] 


Not only are Operating Systems gathering telemetry services but so are Apps themselves like Browsers, Mail Clients, 
and Social Networking Apps installed on your system. 


109 Apple, Differential Privacy White Paper https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf [Archive.org] 

110 Wikipedia, Differential Privacy https://en.wikipedia.org/wiki/Differential_privacy [Wikiless] [Archive.org] 
It is important to understand that this telemetry data can be tied to your device, help de-anonymize you, and 
later be used against you by an adversary that gets access to this data. 


This does not mean for example that Apple devices are terrible choices for good privacy (tho this might be 
changing111), but they are certainly not the best choices for (relative) anonymity. They might protect you from third 
parties knowing what you are doing but not from themselves. In all likelihood, they certainly know who you are. 


Later in this guide, we will use all the means at our disposal to disable and block as much telemetry as possible to 
mitigate this attack vector in the Operating Systems supported in this guide. These will include Windows, macOS, 
and even Linux in some regard. 


See Appendix N: Warning about smartphones and smart devices 


Your Smart devices in general: 
You got it; your smartphone is an advanced spying/tracking device that: 
- Records everything you say at any time (“Hey Siri”, “Hey Google”). 
- Records your location everywhere you go. 
- Always records other devices around you (Bluetooth devices, Wi-Fi access points). 
- Records your habits and health data (steps, screen time, exposure to diseases, connected devices data). 
- Records all your network locations. 
- Records all your pictures and videos (and most likely where they were taken). 
- Has most likely access to most of your known accounts including social media, messaging, and financial 
accounts. 


Data is being transmitted even if you opt out112, processed, and stored indefinitely (most likely unencrypted113) by 
various third parties. 


But that is not all; this section is not called “Smartphones” but “Smart devices” because it is not only your 
smartphone spying on you. It is also every other smart device you could have: 

- Your Smart Watch? (Apple Watch, Android Smartwatch ...) 

- Your Fitness Devices and Apps?115 116 (Strava117 118, Fitbit119, Garmin, Polar120 ...) 

- Your Smart Speaker? (Amazon Alexa121, Google Echo, Apple Homepod ...) 


111 Continuing Ed, The All-Seeing "i": Apple Just Declared War on Your Privacy https://edwardsnowden.substack.com/p/all-seeing-i [Archive.org] 

112 Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf [Archive.org] 

113 Reuters, Exclusive: Apple dropped plan for encrypting backups after FBI complained — sources https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT [Archive.org] 

114 ZDNet, I asked Apple for all my data. Here's what was sent back https://www.zdnet.com/article/apple-data-collection-stored-request/ [Archive.org] 

115 De Correspondent, Here’s how we found the names and addresses of soldiers and secret agents using a simple fitness app https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27 [Archive.org] 

116 Website Planet, Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online https://www.websiteplanet.com/blog/gethealth-leak-report/ [Archive.org] 

117 Wired, The Strava Heat Map and the End of Secrets https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/ [Archive.org] 

118 Bellingcat, How to Use and Interpret Data from Strava's Activity Map https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/ [Archive.org] 

119 The Guardian, Fitness tracking app Strava gives away location of secret US army bases https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases [Archive.org] 

120 Telegraph, Running app reveals locations of secret service agents in MI6 and GCHQ https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/ [Archive.org] 
- Your Smart Transportation? (Car? Scooter?) 
- Your Smart Tags? (Apple AirTag, Galaxy SmartTag, Tile...) 
- Your Car? (Yes, most modern cars have advanced logging/tracking features these days122) 
- Any other Smart device? There are even convenient search engines dedicated to finding them online: 
  - https://www.shodan.io/ 
  - https://censys.io/ 
  - https://www.zoomeye.org/ 


See Appendix N: Warning about smartphones and smart devices 


Conclusion: Do not bring your smart devices with you when conducting sensitive activities. 


Yourself: 


Your Metadata including your Geo-Location: 

Your metadata is all the information about your activities without the actual content of those activities. For instance, 
it is like knowing you had a call from an oncologist before then calling your family and friends successively. You do 
not know what was said during the conversation, but you can guess what it was just from the metadata123. 


This metadata will also often include your location, which is being harvested by smartphones, operating systems 
(Android124/iOS), browsers, apps, and websites. Odds are several companies know exactly where you are at any 
time125 because of your smartphone126. 


This location data has been used in many judicial cases127 already as part of “geofencing warrants”128 that allow law 
enforcement to ask companies (such as Google/Apple) for a list of all devices present at a certain location at a certain 
time. In addition, this location data is even sold by private companies to the military, who can then use it 
conveniently129. These warrants are becoming widely used by law enforcement130 131 132. 


If you want to experience yourself what a “geofencing warrant” would look like, here is an example: 
https://wigle.net/. 


121 Washington Post, Alexa has been eavesdropping on you this whole time https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59 [Archive.org] 

122 Washington Post, What does your car know about you? We hacked a Chevy to find out https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/ [Archive.org] 

123 Using Metadata to find Paul Revere https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ [Archive.org] 

124 Wikipedia, Google SensorVault, https://en.wikipedia.org/wiki/Sensorvault [Wikiless] [Archive.org] 

125 NRKBeta, My Phone Was Spying on Me, so I Tracked Down the Surveillants https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/ [Archive.org] 

126 New York Times https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html [Archive.org] 

127 Sophos, Google data puts innocent man at the scene of a crime https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/ [Archive.org] 

128 Wikipedia, Geofence Warrant https://en.wikipedia.org/wiki/Geo-fence_warrant [Wikiless] [Archive.org] 

129 Vice.com, Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard [Archive.org] 

130 TechCrunch, Google says geofence warrants make up one-quarter of all US demands https://techcrunch.com/2021/08/19/google-geofence-warrants/ [Archive.org] 

131 TechDirt, Google Report Shows ‘Reverse Warrants' Are Swiftly Becoming Law Enforcement's Go-To Investigative Tool https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml [Archive.org] 

132 Vice.com, Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon [Archive.org] 
Now let us say you are using a VPN to hide your IP. The social media platform knows you were active on that account 
on November 4th from 8 am to 1 pm with that VPN IP. The VPN allegedly keeps no logs and cannot trace back that 
VPN IP to your IP. Your ISP however knows (or at least can know) you were connected to that same VPN provider on 
November 4th from 7:30 am to 2 pm but does not know what you were doing with it. 


The question is: Is there someone somewhere that would have both pieces of information available133 for correlation 
in a convenient database? 


Have you heard of Edward Snowden134? Now is the time to google him and read his book135. Also read about 
XKEYSCORE136 137, MUSCULAR138, SORM139, Tempora140, and PRISM141. 


See “We kill people based on Metadata”142 or this famous tweet from the IDF 
https://twitter.com/idf/status/1125066395010699264 [Archive.org] [Nitter] 

See Appendix N: Warning about smartphones and smart devices 


Your Digital Fingerprint, Footprint, and Online Behavior: 
This is the part where you should watch the documentary “The Social Dilemma”143 on Netflix as they cover this topic 
much better than anyone else IMHO. 


This includes the way you write (stylometry)144 145, the way you behave146 147, the way you click, the way you 
browse, and the fonts you use in your browser148. Fingerprinting is used to guess who someone is by the way that 
user behaves. You might be using specific pedantic words or making specific spelling mistakes that could give you 
away through a simple Google search for similar features, because you typed comparably on some Reddit post five years 
ago using a not-so-anonymous Reddit account149. The words you type in a search engine alone can be used against 
you, as the authorities now have warrants to find users who used specific keywords in search engines150. 
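To make the stylometry point above concrete, here is an added example (not from this guide, and much cruder than the systems in the cited papers): a toy comparison that scores an unknown text against two known writers using relative frequencies of common function words plus a few habitual (mis)spellings. All three texts are constructed for the example, not real posts. It also shows why correcting the obvious spelling tells, on its own, does not break the match: the function-word habits remain.

```python
"""Added example (not from the guide): a toy stylometric comparison that
shows why 'the way you write' links identities, and why fixing a few
tell-tale spellings is not enough on its own."""
import math
import re
from collections import Counter

# Function words are used unconsciously, which is why stylometry leans on them.
FUNCTION_WORDS = ["the", "a", "and", "of", "to", "i", "you", "it", "is", "that",
                  "but", "so", "just", "really", "like", "tho", "though", "honestly"]
# Habitual (mis)spellings are a second, very strong marker.
MARKERS = ["definately", "definitely", "alot", "a lot", "recieve", "receive"]


def features(text: str) -> list:
    """Relative frequency of each function word and marker in the text."""
    lowered = text.lower()
    tokens = re.findall(r"[a-z']+", lowered)
    counts = Counter(tokens)
    n = max(len(tokens), 1)
    vec = [counts[w] / n for w in FUNCTION_WORDS]
    vec += [lowered.count(m) / n for m in MARKERS]
    return vec


def cosine(u, v) -> float:
    """Cosine similarity between two feature vectors (0 when either is empty)."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def nearest_author(unknown: str, corpus: dict):
    """corpus maps author -> known text. Returns (closest author, all scores)."""
    fu = features(unknown)
    scores = {author: cosine(fu, features(text)) for author, text in corpus.items()}
    return max(scores, key=scores.get), scores


def fix_spellings(text: str) -> str:
    """The naive mitigation: correct only the obvious spelling tells."""
    text = text.replace("definately", "definitely").replace("alot", "a lot")
    return re.sub(r"\btho\b", "though", text)


# Constructed samples (not real posts). 'alice' and the unknown text share habits.
CORPUS = {
    "alice": ("honestly i just think its fine tho. i definately liked it alot, tho the "
              "ending was meh. honestly i just dont get why people hate it, i really "
              "liked it alot."),
    "bob": ("The film is competent though uneven. The direction is definitely the "
            "strongest element of the production, and the ending is the weakest part "
            "of it. A lot of the praise is deserved."),
}
UNKNOWN = ("honestly i just cant believe it tho. i definately think its worth it, alot "
           "of people just dont get it tho. honestly i really like it.")

if __name__ == "__main__":
    print(nearest_author(UNKNOWN, CORPUS))
    print(nearest_author(fix_spellings(UNKNOWN), CORPUS))
```

With the constructed texts the unknown sample scores above 0.9 against "alice" and below 0.2 against "bob"; after fix_spellings the "alice" score drops but she is still the nearest match, which is the reason Appendix A4 treats this as a habit change rather than a spell-check problem.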


133 Wikipedia, Room 641A https://en.wikipedia.org/wiki/Room_641A [Wikiless] [Archive.org] 

134 Wikipedia, Edward Snowden https://en.wikipedia.org/wiki/Edward_Snowden [Wikiless] [Archive.org] 

135 Wikipedia, Permanent Record https://en.wikipedia.org/wiki/Permanent_Record_(autobiography) [Wikiless] [Archive.org] 

136 Wikipedia, XKEYSCORE https://en.wikipedia.org/wiki/XKeyscore [Wikiless] [Archive.org] 

137 ElectroSpaces, Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html [Archive.org] 

138 Wikipedia, MUSCULAR https://en.m.wikipedia.org/wiki/MUSCULAR_(surveillance_program) [Archive.org] 

139 Wikipedia, SORM https://en.wikipedia.org/wiki/SORM [Wikiless] [Archive.org] 

140 Wikipedia, Tempora https://en.wikipedia.org/wiki/Tempora [Wikiless] [Archive.org] 

141 Wikipedia, PRISM https://en.wikipedia.org/wiki/PRISM_(surveillance_program) [Wikiless] [Archive.org] 

142 Justsecurity, General Hayden https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/ [Archive.org] 

143 IMDB, The Social Dilemma https://www.imdb.com/title/tt11464826/ [Archive.org] 

144 ArsTechnica, How the way you type can shatter anonymity—even on Tor https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/ [Archive.org] 

145 Wikipedia, Stylometry https://en.wikipedia.org/wiki/Stylometry [Wikiless] [Archive.org] 

146 Paul Moore Blog, Behavioral Profiling: The password you can't change. https://paul.reviews/behavioral-profiling-the-password-you-cant-change/ [Archive.org] 

147 Wikipedia, Sentiment Analysis, https://en.wikipedia.org/wiki/Sentiment_analysis [Wikiless] [Archive.org] 

148 EFF CoverYourTracks, https://coveryourtracks.eff.org/ [Archive.org] 

149 Berkeley.edu, On the Feasibility of Internet-Scale Author Identification https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf [Archive.org] 

150 Forbes, Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim’s Name, Address And Telephone Number https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users [Archive.org] 
Social media platforms such as Facebook/Google can go a step further and register your behavior in the browser 
itself. For instance, they can register everything you type even if you do not send it / save it. Think of when you draft 
an e-mail in Gmail: it is saved automatically as you type. They can register your clicks and cursor movements as well. 


All they need to achieve this in most cases is JavaScript enabled in your browser (which is the case in most browsers, 
including Tor Browser, by default). Even with JavaScript disabled, there are still ways to fingerprint you151. 


While these methods are usually used for marketing purposes and advertising, they can also be a useful tool for 
fingerprinting users. This is because your behavior is unique or unique enough that over time, you could be de- 
anonymized. 


Here are some examples: 

- Specialized companies are selling to, for example, law enforcement agencies products for analyzing social 
network activities such as https://mediasonar.com/ [Archive.org] 

- For example, as a basis of authentication, a user's typing speed, keystroke depressions, patterns of error (say 
accidentally hitting an “I” instead of a “k” on three out of every seven transactions) and mouse movements 
establish that person’s unique pattern of behavior152. Some commercial services such as TypingDNA 
(https://www.typingdna.com/ [Archive.org]) even offer such analysis as a replacement for two-factor 
authentication. 

- This technology is also widely used in CAPTCHA services to verify that you are “human” and can be used 
to fingerprint a user. 

- See Appendix A4: Counteracting Forensic Linguistics. 


Analysis algorithms could then be used to match these patterns with other users and match you to a different known 
user. It is unclear whether such data is already used or not by governments and law enforcement agencies, but it 
might be in the future. And while this is mostly used for advertising/marketing/captcha purposes now, it could and 
probably will be used for investigations in the short or mid-term future to de-anonymize users. 


Here is a fun example you can try yourself to see some of those things in action: https://clickclickclick.click (no archive 
links for this one, sorry). You will see it becoming interesting over time (this requires JavaScript enabled). 


Here is also a recent example just showing what Google Chrome collects on you: 
https://web.archive.org/web/https://pbs.twimg.com/media/EwiUNHOUYAgLY7V ?format=jpg&name=4096x4096 


Here are some other resources on the topic if you cannot see this documentary: 

- 2017, Behavior Analysis in Social Networks, https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1 [Archive.org] 

- 2017, Social Networks and Positive and Negative Affect https://www.sciencedirect.com/science/article/pii/S1877042811013747/pdf?md5=253d8f1bb615d5dee195d353dc077d46&pid=1-s2.0-S1877042811013747-main.pdf [Archive.org] 

- 2015, Using Social Networks Data for Behavior and Sentiment Analysis https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis [Archive.org] 

- 2016, A Survey on User Behavior Analysis in Social Networks https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks [Archive.org] 

- 2019, Influence and Behavior Analysis in Social Networks and Social Media https://sci-hub.se/10.1007/978-3-030-02592-2 [Archive.org] 


So, how can you mitigate these? 


151 FingerprintJS, Demo: Disabling JavaScript Won’t Save You from Fingerprinting https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ [Archive.org] 

152 SecuredTouch Blog, Behavioral Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics [Archive.org] 
- This guide will provide some technical mitigations using fingerprinting-resistant tools, but those might not be 
sufficient. 
- You should apply common sense and try to find your own patterns in your behavior and behave differently 
when using anonymous identities. This includes: 
  - The way you type (speed, accuracy...). 
  - The words you use (be careful with your usual expressions). 
  - The type of response you use (if you are sarcastic by default, try to have a different approach with 
your identities). 
  - The way you use your mouse and click (try to solve the Captchas differently than your usual way). 
  - The habits you have when using some Apps or visiting some Websites (do not always use the same 
menus/buttons/links to reach your content). 


You need to act and fully adopt a role as an actor would do for a performance. You need to become a different 
person, think and act like that person. This is not a technical mitigation but a human one. You can only rely on 
yourself for that. 


Ultimately, it is mostly up to you to fool those algorithms by adopting new habits and not revealing real information 
when using your anonymous identities. See Appendix A4: Counteracting Forensic Linguistics. 


Your Clues about your Real Life and OSINT: 

These are clues you might give over time that could point to your real identity. You might be talking to someone or 
posting on some board/forum/Reddit. In those posts, you might over time leak some information about your real 
life. These might be memories, experiences, or clues you shared that could then allow a motivated adversary to build 
a profile to narrow their search. 


A real and well-documented case of this was the arrest of the hacker Jeremy Hammond153, who shared over time 
several details about his past and was later discovered. 


There are also a few cases involving OSINT at Bellingcat154. Have a look at their very informative (but slightly 
outdated) toolkit here: 
https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607 
[Archive.org] 


You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for 
example: 

- https://github.com/jivoi/awesome-osint [Archive.org] 

- https://web.archive.org/web/20210426041234/https://jakecreps.com/tag/osint-tools/ 

- https://osintframework.com/ 

- https://recontool.org 


As well as this interesting playlist on YouTube: 
https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHgxgrNW8Sy [Invidious] 


As well as those interesting podcasts: 
- https://www.inteltechniques.com/podcast.html 


You should never share real individual experiences/details using your anonymous identities that could later lead to 
finding your real identity. You will see more details about this in the Creating new identities section. 


153 ArsTechnica, Stakeout: how the FBI tracked and busted a Chicago Anon https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/ [Archive.org] 

154 Bellingcat, MH17 - Russian GRU Commander ‘Orion’ Identified as Oleg Ivannikov https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/ [Archive.org] 
Your Face, Voice, Biometrics, and Pictures: 
“Hell is other people”: even if you evade every method listed above, you are not out of the woods yet thanks to the 
widespread use of advanced face recognition by everyone. 


Companies like Facebook have used advanced face recognition for years155 156 and have been using other means 
(satellite imagery) to create maps of “people” around the world157. This evolution has been going on for years to the 
point we can now say “We lost control of our faces”158. 


If you are walking in a touristy place, you will most likely appear in someone’s selfie within minutes without knowing
it. That person could then go ahead and upload that selfie to various platforms (Twitter, Google Photos, Instagram,
Facebook, Snapchat...). Those platforms will then apply face recognition algorithms to those pictures under the
pretext of allowing better/easier tagging or of better organizing your photo library. In addition to this, the same
picture will provide a precise timestamp and, in most cases, the geolocation of where it was taken. Even if the person
does not provide a timestamp and geolocation, they can still be guessed by other means^159,160.


Here are a few resources for even trying this yourself:

• Bellingcat, Guide To Using Reverse Image Search For Investigations:
  https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/ [Archive.org]

• Bellingcat, Using the New Russian Facial Recognition Site SearchFace
  https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/ [Archive.org]

• Bellingcat, Dali, Warhol, Boshirov: Determining the Time of an Alleged Photograph from Skripal Suspect Chepiga
  https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/ [Archive.org]

• Bellingcat, Advanced Guide on Verifying Video Content
  https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/ [Archive.org]

• Bellingcat, Using the Sun and the Shadows for Geolocation
  https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/ [Archive.org]

• Bellingcat, Navalny Poison Squad Implicated in Murders of Three Russian Activists
  https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/ [Archive.org]

• Bellingcat, Berlin Assassination: New Evidence on Suspected FSB Hitman Passed to German Investigators
  https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/ [Archive.org]

• Bellingcat, Digital Research Tutorial: Investigating a Saudi-Led Coalition Bombing of a Yemen Hospital
  https://www.youtube.com/watch?v=cAVZaPiVArA [Invidious]

• Bellingcat, Digital Research Tutorial: Using Facial Recognition in Investigations
  https://www.youtube.com/watch?v=awY87q2Mr0E [Invidious]

• Bellingcat, Digital Research Tutorial: Geolocating (Allegedly) Corrupt Venezuelan Officials in Europe
  https://www.youtube.com/watch?v=bS6gYWM4kzY [Invidious]


155 Facebook Research, Deepface https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/ [Archive.org]
156 Privacy News Online, Putting the “face” in Facebook: how Mark Zuckerberg is building a world without public anonymity https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/ [Archive.org]
157 CNBC, “Facebook has mapped populations in 23 countries as it explores satellites to expand internet” https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html [Archive.org]
158 MIT Technology Review, This is how we lost control of our faces https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/ [Archive.org]
159 Bellingcat, Shadow of a Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch Photo https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/ [Archive.org]
160 Brown Institute, Open-Source Investigation https://brown.columbia.edu/open-source-investigation/ [Archive.org]


Even if you are not looking at the camera, they can still figure out who you are^161, make out your emotions^162,
analyze your gait^163,164,165, read your lips^166, analyze the behavior of your eyes^167, and probably guess your political
affiliation^168,169.


(Figure: pipeline of the political-orientation study. Detect face (Face++), then crop and resize (224 x 224 pixels), then
extract 2,048 face descriptors (VGGFace2), then compare with liberal and conservative faces using cross-validated
logistic regression (or another similarity measure), giving for example P = 38% liberal. Illustration from
https://www.nature.com/articles/s41598-020-79310-1 [Archive.org])


161 New Scientist, Facebook can recognise you in photos even if you’re not looking https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/ [Archive.org]
162 Google Patent, Techniques for emotion detection and content delivery https://patents.google.com/patent/US20150242679 [Archive.org]
163 APNews, Chinese ‘gait recognition’ tech IDs people by how they walk https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a [Archive.org]
164 The Sun, New CCTV technology could now identify you just by the WAY you walk and your body shape https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/ [Archive.org]
165 City Security Magazine, Gait recognition: a useful identification tool https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/ [Archive.org]
166 Vice.com, Tech Companies Are Training AI to Read Your Lips https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips [Archive.org]
167 New Atlas, Eye tracking can reveal an unbelievable amount of information about you https://newatlas.com/science/science/eye-tracking-privacy/ [Archive.org]
168 TechCrunch, Facial recognition reveals political party in troubling new research https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/ [Archive.org]
169 Nature, Facial recognition technology can expose political orientation from naturalistic facial images https://www.nature.com/articles/s41598-020-79310-1 [Archive.org]
(Figure: data commonly captured by eye trackers and the personal information that can possibly be inferred from it.
Captured data: eye opening and closure (e.g., blink duration and frequency, avg. distance between eyelids); eye
movements (e.g., gaze fixations, saccades, smooth pursuit, ocular tremor); eye status (e.g., reddened, watery, dry);
pupil (e.g., pupil size, pupil reactivity); iris characteristics (e.g., eye color, iris texture); facial attributes (e.g., wrinkles,
eye shape, skin color, facial expressions). Possible inferences: biometric identity; geographical origin; cultural
background; health (concussion, chronic pain, vision and physical disorders, obesity, Parkinson’s disease); mental
health (PTSD, autism, other disorders); personality traits (extroversion, neuroticism, curiosity); skills and abilities
(chess, chemistry, sports, math, languages); mental workload; level of sleepiness; cognitive processes (expectations,
memories, internal reasoning, mental computation); drug consumption (alcohol, tobacco, cocaine, MDMA, cannabis).
Illustration from https://link.springer.com/chapter/10.1007/978-3-030-42504-3_15 [Archive.org])


Those platforms (Google/Facebook) already know who you are for a few reasons:
• Because you have or had a profile with them, and you identified yourself.
• Even if you never made a profile on those platforms, you still have one without even knowing it^170,171,172,173,174.
• Because other people have tagged you or identified you in their holiday/party pictures.
• Because other people have put a picture of you in their contact list which they then shared with them.


Here is also an insightful demo of Microsoft Azure (its face recognition service) you can try for yourself, where you
can detect emotions and compare faces from different pictures.


Governments already know who you are because they have your ID/passport/driving license pictures and often
added biometrics (fingerprints) to their databases. Those same governments are integrating those technologies
(often provided by private companies such as the Israeli AnyVision^175, Clearview AI^176,177, or NEC^178) in their CCTV
networks to look for “persons of interest”^179. And some heavily surveilled states like China have implemented
widespread use of facial recognition for various purposes^180,181, including possibly identifying ethnic minorities^182. A
simple face recognition error by some algorithm can ruin your life^183,184.


170 Slate, https://slate.com/technology/20...
171 The Conversation
172 The Verge
173 ZDNET, https://www.zdnet.com/article/anger-mounts-after-facebooks-shad...
174 CNET, https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-ove...

Here are some resources detailing some techniques used by law enforcement today:
• CCC video explaining current law enforcement surveillance capabilities: https://media.ccc.de/v/rc3-11406-spot_the_surveillance#t=761 [Archive.org]
• EFF SLS: https://www.eff.org/sls [Archive.org]


Apple is making Face ID mainstream and pushing its use to log you into many services, including banking systems.


The same goes for fingerprint authentication, which is being mainstreamed by many smartphone makers to
authenticate yourself. A simple picture where your fingers appear can be used to de-anonymize you^185,186,187,188.


The same goes for your voice, which can be analyzed for various purposes as shown in the recent Spotify patent^189.
Even your iris can be used for identification in some places^190.


We can safely imagine a near future where you will not be able to create accounts or sign in anywhere without
providing unique biometrics (a suitable time to re-watch Gattaca^191, Person of Interest^192, and Minority Report^193).
And you can safely imagine how useful these large biometrics databases could be to some interested third parties.


175 AnyVision https://www.anyvision.co/ [Archive.org]
176 BuzzFeed News, Surveillance Nation https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition [Archive.org]
177 Wired, Clearview AI Has New Tools to Identify You in Photos https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/ [Archive.org]
178 NEC, NeoFace https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html [Archive.org]
179 The Guardian, Met police deploy live facial recognition technology https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology [Archive.org]
180 YouTube, The Economist, China: facial recognition and state control https://www.youtube.com/watch?v=IH2gMNrUuEY [Invidious]
181 CNN, Want your unemployment benefits? You may have to submit to facial recognition first https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html [Archive.org]
182 Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/ [Archive.org]
183 The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/ [Tor Mirror] [Archive.org]
184 Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems [Archive.org]
185 BBC, WhatsApp photo drug dealer caught by 'groundbreaking' work https://www.bbc.com/news/uk-wales-43711477 [Archive.org]
186 CNN, Drug dealer jailed after sharing a photo of cheese that included his fingerprints https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html [Archive.org]
187 Vice.com, Cops Got a Drug Dealer’s Fingerprints From Photos of His Hand on WhatsApp https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers [Archive.org]
188 Kraken Blog, Your fingerprint can be hacked for $5, here's how https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/ [Archive.org]
189 JUSTIA Patent, Identification of taste attributes from an audio signal https://patents.justia.com/patent/10891948 [Archive.org]
190 PYMNTS, Iris Scan Serves As Traveler ID At Dubai Airport https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/ [Archive.org]
191 IMDB, Gattaca 1997 https://www.imdb.com/title/tt0119177/ [Archive.org]
192 IMDB, Person of Interest 2011 https://www.imdb.com/title/tt1839578 [Archive.org]
193 IMDB, Minority Report 2002 https://www.imdb.com/title/tt0181689 [Archive.org]
crafting false information (pictures, videos, voice recordings^194...) and have already been used for such
purposes^195,196,197. There are even commercial services for this readily available, such as https://www.respeecher.com/
[Archive.org] and https://www.descript.com/overdub [Archive.org].


See this demo: https://www.youtube.com/watch?v=t5yw5cR79VA [Invidious]


At this time, there are a few steps^198 you can take to mitigate (and only mitigate) face recognition when conducting
sensitive activities where CCTV might be present:

• Wear a facemask, as they have been proven to defeat some face recognition technologies^199 but not all^200.

• Wear a baseball cap or hat to keep high-angle CCTVs (filming from above) from recording your face. Remember
  this will not help against front-facing cameras.

• Wear sunglasses in addition to the facemask and baseball cap to mitigate identification from your eyes’ features.

• Consider wearing special sunglasses (expensive, unfortunately) called “Reflectacles” https://www.reflectacles.com/
  [Archive.org]. There was a small study showing their efficiency against IBM and Amazon facial recognition^201.

• All that might still be useless because of the gait recognition mentioned earlier^163, but there might be hope here
  if you have a 3D printer: https://gitlab.com/FG-01/fg-01 [Archive.org]


(Note that if you intend to use these where advanced facial recognition systems have been installed, these measures
could also flag you as suspicious by themselves and trigger a human check.)


Phishing and Social Engineering:
Phishing^202 is a social engineering^203 type of attack where an adversary could try to extract information from you by
pretending to be or impersonating something/someone else.


A typical case is an adversary using a man-in-the-middle attack or a fake e-mail/call to ask for your credentials for a
service. This could for example be through e-mail or through impersonating financial services.


Such attacks can also be used to de-anonymize someone by tricking them into downloading malware or revealing
personal information over time. The only defense against those is not to fall for them: use common sense, verify the
sender through an independent channel, and never enter credentials on a page you reached from a link in a message.


These have been used countless times since the early days of the internet, and the usual one is called the “419 scam”
(see https://en.wikipedia.org/wiki/Advance-fee_scam [Wikiless] [Archive.org]).


Here is a good video if you want to learn a bit more about phishing types: Black Hat, Ichthyology: Phishing as a
Science https://www.youtube.com/watch?v=Z20XNp-luNA [Invidious]


194 Wikipedia, Deepfake https://en.wikipedia.org/wiki/Deepfake [Wikiless] [Archive.org]
195 Econotimes, Deepfake Voice Technology: The Good. The Bad. The Future https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278 [Archive.org]
196 Wikipedia, Deepfake Events https://en.wikipedia.org/wiki/Deepfake#Example_events [Wikiless] [Archive.org]
197 Forbes, A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/ [Archive.org]
198 Joseph Steinberg, How To Prevent Facial Recognition Technology From Identifying You https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/ [Archive.org]
199 NIST, Face recognition accuracy with masks using pre-COVID-19 algorithms https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf [Archive.org]
200 BBC, Facial recognition identifies people wearing masks https://www.bbc.com/news/technology-55573802 [Archive.org]
201 University of Wisconsin, Exploring Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine Learning in Computer Vision http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download [Archive.org]
202 Wikipedia, Phishing https://en.wikipedia.org/wiki/Phishing [Wikiless] [Archive.org]
203 Wikipedia, Social Engineering https://en.wikipedia.org/wiki/Social_engineering_(security) [Wikiless] [Archive.org]
Malware, exploits, and viruses:


Malware in your files/documents/e-mails:
Using macros, embedded scripts, exploits against the file parser, or steganography (to smuggle a payload past
filters), it is easy to embed malware into common file formats such as Office documents, pictures, videos, PDF
documents...


These can be as simple as HTML tracking links or complex targeted malware.


These could be simple pixel-sized images^204 hidden in your e-mails that would call a remote server to try and get
your IP address (along with the time you opened the message and your mail client’s user agent).
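As an added example (not from the guide), the following Python script shows how to audit an HTML e-mail for the remote resources a mail client would fetch when it renders the message, and which of them look like tracking pixels. The message is constructed for the demo and the hostnames are placeholders; the check covers <img> sources, <link> references and CSS url(...) backgrounds, and ignores cid:/data: inline content that triggers no network request.

```python
"""Added example (not from the guide): list the remote resources an HTML e-mail would
fetch when rendered and flag the ones that look like tracking pixels. Standard library
only; the message below is constructed for the demo and the hosts are placeholders."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_MAIL = """<html><body>
<link rel="stylesheet" href="https://cdn.example.org/style.css">
<img src="cid:logo@local" alt="inline logo">
<img src="https://cdn.example.org/banner.png" width="600" height="120">
<div style="background: url('https://cdn.example.org/bg.jpg')">Hello</div>
<img src="https://track.example.net/open?u=42" width="1" height="1" alt="">
<img src="https://track.example.net/o.gif" style="display:none">
<a href="https://track.example.net/click?u=42">Unsubscribe</a>
</body></html>"""

_CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)")


def _looks_hidden(attrs):
    """1x1/0x0 dimensions or CSS that hides the image: typical of an open-tracking beacon."""
    def tiny(v):
        return v is not None and v.strip().lower().rstrip("px") in ("0", "1")
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (tiny(attrs.get("width")) or tiny(attrs.get("height"))
            or "display:none" in style or "visibility:hidden" in style
            or "width:0" in style or "width:1px" in style)


class RemoteResourceFinder(HTMLParser):
    """Collect URLs fetched automatically on open (not links the user must click)."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        urls = []
        if tag == "img" and a.get("src"):
            urls.append(a["src"])
        if tag == "link" and a.get("href"):            # stylesheets, favicons
            urls.append(a["href"])
        urls += _CSS_URL.findall(a.get("style") or "")  # CSS background images
        for u in urls:
            p = urlparse(u)
            if p.scheme not in ("http", "https"):       # cid:/data: are inline, no request
                continue
            self.hits.append({"tag": tag, "url": u, "host": p.hostname,
                              "tracker": tag == "img" and _looks_hidden(a)})


def find_remote_resources(html):
    """Every remote URL the renderer would request, in document order."""
    parser = RemoteResourceFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


def tracking_hosts(html):
    """Hosts contacted by probable tracking pixels (sorted, unique)."""
    return sorted({h["host"] for h in find_remote_resources(html) if h["tracker"]})


if __name__ == "__main__":
    for h in find_remote_resources(SAMPLE_MAIL):
        print(("TRACKER " if h["tracker"] else "remote  ") + h["url"])
```

The practical defence is the one the check implies: disable remote content in your mail client (or read mail as plain text) so that none of these requests are made, regardless of how the pixel is hidden. A visible banner from the sender's CDN leaks exactly the same thing as a 1x1 pixel; the size heuristic only tells you which requests exist for no reason other than tracking.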


These could be exploiting a vulnerability in an outdated format or an outdated reader^205. Such exploits could then be
used to compromise your system.


See these good videos for more explanations on the matter:
• What is a File Format? https://www.youtube.com/watch?v=VVdmmNOsu6EE [Invidious]
• Ange Albertini: Funky File Formats: https://www.youtube.com/watch?v=hdCs6bPMis [Invidious]


You should always use extreme caution. To mitigate these attacks, this guide will later recommend the use of 
virtualization (See Appendix W: Virtualization) to mitigate leaking any information even in case of opening such a 
malicious file. 


If you want to learn how to try detecting such malware, see Appendix T: Checking files for malware 


Malware and Exploits in your apps and services:

So, you are using Tor Browser or Brave Browser over Tor. You could be using those over a VPN for added security.
But you should keep in mind that there are exploits^206 (hacks) that could be known by an adversary (but unknown to
the app/browser provider). Such exploits could be used to compromise your system and reveal details to
de-anonymize you, such as your IP address or other details.


A real use case of this technique was the Freedom Hosting^207 case in 2013, where the FBI inserted malware^208 using a
Firefox browser exploit on a Tor website. This exploit allowed them to reveal details of some users. More recently,
there was the notable SolarWinds^209 hack that breached several US government institutions by inserting malware
into the vendor’s official software updates (a supply-chain attack).


In some countries, malware is just mandatory and/or distributed by the state itself. This is the case for instance in
China with WeChat^210, which can then be used in combination with other data for state surveillance^211.


There are countless examples of malicious browser extensions, smartphone apps, and various apps that have been 
infiltrated with malware over the years. 


Here are some steps to mitigate this type of attack:
• You should never have 100% trust in the apps you are using.

• You should always check that you are using the updated version of such apps before use and ideally validate
  each download using their signature if available.

• You should not use such apps directly from a hardware system but instead use a virtual machine for
  compartmentalization.


204 BBC, Spy pixels in emails have become endemic https://www.bbc.com/news/technology-56071437 [Archive.org]
205 Vice, Facebook Helped the FBI Hack a Child Predator https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez [Archive.org]
206 Wikipedia, Exploit https://en.wikipedia.org/wiki/Exploit_(computer_security) [Wikiless] [Archive.org]
207 Wikipedia, Freedom Hosting https://en.wikipedia.org/wiki/Freedom_Hosting [Wikiless] [Archive.org]
208 Wired, 2013 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack https://www.wired.com/2013/09/freedom-hosting-fbi/ [Archive.org]
209 Wikipedia, 2020 United States federal government data breach https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach [Wikiless] [Archive.org]
210 BBC, China social media: WeChat and the Surveillance State https://www.bbc.com/news/blogs-china-blog-48552907 [Archive.org]
211 The Intercept, Revealed: Massive Chinese Police Database https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/ [Tor Mirror] [Archive.org]


To reflect these recommendations, this guide will therefore later guide you in the use of virtualization (see Appendix
W: Virtualization) so that even if your browser/apps get compromised by a skilled adversary, that adversary will find
themselves stuck in a sandbox^212 without being able to access identifying information or compromise your system.


Malicious USB devices:
There are readily available commercial and cheap “BadUSB”^213 devices that can deploy malware, log your
typing, geolocate you, listen to you or gain control of your laptop just by plugging them in. Here are some examples
that you can already buy yourself:

• Hak5, USB Rubber Ducky https://shop.hak5.org/products/usb-rubber-ducky-deluxe [Archive.org]

• Hak5, O.MG Cable (YouTube demo)

• Keelog https://www.keelog.com/ [Archive.org]

• AliExpress https://www.aliexpress.com/i/4000710369016.html [Archive.org]


Such devices can be implanted anywhere (charging cable, mouse, keyboard, USB key...) by an adversary and can be
used to track you or compromise your computer or smartphone. The most notable example of such attacks is
probably Stuxnet^214 (in development since around 2005 and discovered in 2010).


While you could inspect a USB key physically, scan it with various utilities, and check the various components to see if
they are genuine, you will most likely never be able to discover complex malware embedded in genuine parts of a
genuine USB key by a skilled adversary without advanced forensics equipment^215.


To mitigate this, you should never trust such devices or plug them into sensitive equipment. If you use a charging
cable or charger you do not control, consider the use of a USB data-blocking device (“USB condom”) that only passes
the power lines and not the data lines, so that charging works but no data transfer is possible. Such data-blocking
devices are now readily available in many online shops. You should also consider disabling USB ports completely
within the BIOS/UEFI of your computer unless you need them (if you can).


Malware and backdoors in your Hardware Firmware and Operating System:
This might sound a bit familiar, as this was already partially covered previously in the Your CPU section.


Malware and backdoors can be embedded directly into your hardware components. Sometimes those backdoors are
implemented by the manufacturer itself, such as the Intel Management Engine (IME) in the case of Intel CPUs. And in
other cases, such backdoors can be implemented by a third party that places itself between orders of new hardware
and customer delivery^216.


Such malware and backdoors can also be deployed by an adversary using software exploits. Many of those are called
rootkits^217 within the tech world. Usually, these types of malware are harder to detect and mitigate as they are
implemented at a lower level than userspace^218 and often in the firmware^219 of the hardware components itself.


212 Wikipedia, Sandbox https://en.wikipedia.org/wiki/Sandbox_(computer_security) [Wikiless] [Archive.org]
213 Wired, Why the Security of USB Is Fundamentally Broken https://www.wired.com/2014/07/usb-security/ [Archive.org]
214 Wikipedia, Stuxnet https://en.wikipedia.org/wiki/Stuxnet [Wikiless] [Archive.org]
215 Superuser.com, How do I safely investigate a USB stick found in the parking lot at work? https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work [Archive.org]
216 The Guardian, Glenn Greenwald: how the NSA tampers with US-made internet routers https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden [Archive.org]
217 Wikipedia, Rootkit https://en.wikipedia.org/wiki/Rootkit [Wikiless] [Archive.org]
218 Wikipedia, Userspace https://en.wikipedia.org/wiki/User_space [Wikiless] [Archive.org]
219 Wikipedia, Firmware https://en.wikipedia.org/wiki/Firmware [Wikiless] [Archive.org]
What is firmware? Firmware is a low-level operating system for devices. Each component in your computer probably
has firmware, including for instance your disk drives. The BIOS^220/UEFI^221 system of your machine for instance is a
type of firmware.


Such firmware can include remote management features and, once subverted, is capable of giving full control of a
target system silently and stealthily.


As mentioned previously, these are harder for users to detect, but some limited steps can be taken to mitigate some
of them, such as protecting your device from tampering and re-flashing the BIOS/UEFI from a known-good image.
Unfortunately, if such malware or backdoor is implemented by the manufacturer itself, it becomes extremely difficult
to detect and disable.


Your files, documents, pictures, and videos:


Properties and Metadata:

This can be obvious to many but not to all. Most files have metadata attached to them. Good examples are pictures
that have EXIF^222 information, which can hold a lot of information such as GPS coordinates, which camera/phone
model took it, and when it was taken precisely. While this information might not directly give out who you are, it
could tell exactly where you were at a certain moment, which could allow others to use various sources to find you
(CCTV or other footage taken at the same place at the same time during a protest, for instance). You must verify any
file you would put on those platforms for any properties that might hold any information that could lead back to
you.


Here is an example of EXIF data that could be on a picture:

GPS
  GPS Altitude          31.9 m
  GPS Latitude          6deg 14' 7.620"
  GPS Longitude         106deg 49' 30.210"
Image information
  Date and Time         2018:08:24 15:47:27
  Manufacturer          Apple
  Model                 iPhone 6s
Photograph information
  Aperture              F2.2
  Exposure Bias         0 EV
  Exposure Mode         Auto
  Exposure Program      Auto
  Exposure Time         1/874 s
  Flash                 No, auto
  FNumber               F2.2
  Focal Length          4.2 mm
  ISO Speed Ratings     25
  Metering Mode         Multi-segment
  Shutter speed         1/874 s
  White Balance         Auto

(Illustration from Wikipedia)


220 Wikipedia, BIOS https://en.wikipedia.org/wiki/BIOS [Wikiless] [Archive.org]
221 Wikipedia, UEFI https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface [Wikiless] [Archive.org]
222 Bellingcat, Joseph Mifsud: Rush for the EXIF https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/ [Archive.org]


This also works for videos. Yes, videos too have geo-tagging, and many are very unaware of this. Here is for instance
a very convenient tool to geo-locate YouTube videos: https://mattw.io/youtube-geofind/location [Archive.org]


For this reason, you will always have to be incredibly careful when uploading files using your anonymous identities
and check the metadata of those files.


Even if you publish a picture file, you should use tools that remove/clean metadata before publishing, to avoid any
information leakage. You will find some guidance about this in the Some additional measures against forensics
section at the end of the guide.
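As an added illustration (not part of the original guide), here is a standard-library Python script that walks the JPEG segment structure, decodes the Exif IFD0 and GPS IFD fields shown in the table above from a constructed sample file, and writes a copy with the APP1/APP13 metadata segments removed. The sample JPEG bytes, the function names and the tag constants are this example's own (the tag numbers follow the Exif specification); the sample carries only the metadata segments and no picture data.

```python
"""Added example (not from the guide): read and strip the Exif APP1 segment of a JPEG
with the standard library only. The sample JPEG is a constructed byte string (valid
segment structure, no real picture data) carrying the same fields as the table above."""
import struct

# Exif/TIFF tag numbers and field types used below (Exif specification)
TAG_MAKE, TAG_MODEL, TAG_DATETIME, TAG_GPS_IFD = 0x010F, 0x0110, 0x0132, 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
ASCII, LONG, RATIONAL = 2, 4, 5
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}


def _ifd(entries, base):
    """Serialize one little-endian IFD placed at TIFF offset `base`.
    entries: (tag, type, count, payload bytes); payloads over 4 bytes go after the table."""
    table = bytearray(struct.pack("<H", len(entries)))
    blob = bytearray()
    blob_start = base + 2 + 12 * len(entries) + 4
    for tag, typ, count, payload in entries:
        if len(payload) <= 4:  # small values live inside the 4-byte value field
            table += struct.pack("<HHI", tag, typ, count) + payload.ljust(4, b"\0")
        else:
            table += struct.pack("<HHII", tag, typ, count, blob_start + len(blob))
            blob += payload
    table += struct.pack("<I", 0)  # no next IFD
    return bytes(table + blob)


def _dms(deg, minutes, seconds):
    """Three RATIONALs (numerator/denominator pairs), as Exif stores GPS coordinates."""
    return struct.pack("<6I", deg, 1, minutes, 1, int(round(seconds * 1000)), 1000)


def build_sample_jpeg():
    """Constructed sample: SOI, APP1 Exif (IFD0 + GPS IFD), empty SOS, EOI."""
    def ifd0(gps_offset):
        return _ifd([(TAG_MAKE, ASCII, 6, b"Apple\0"),
                     (TAG_MODEL, ASCII, 10, b"iPhone 6s\0"),
                     (TAG_DATETIME, ASCII, 20, b"2018:08:24 15:47:27\0"),
                     (TAG_GPS_IFD, LONG, 1, struct.pack("<I", gps_offset))], base=8)
    gps_offset = 8 + len(ifd0(0))  # IFD0 starts at offset 8, GPS IFD right after it
    gps = _ifd([(GPS_LAT_REF, ASCII, 2, b"N\0"), (GPS_LAT, RATIONAL, 3, _dms(6, 14, 7.620)),
                (GPS_LON_REF, ASCII, 2, b"E\0"), (GPS_LON, RATIONAL, 3, _dms(106, 49, 30.210))],
               base=gps_offset)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0(gps_offset) + gps
    app1 = b"Exif\0\0" + tiff
    return (b"\xff\xd8"                                                 # SOI
            + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1     # APP1, length counts itself
            + b"\xff\xda\x00\x02"                                       # SOS with empty header
            + b"\xff\xd9")                                              # EOI


def iter_segments(jpeg):
    """Yield (marker, start, end) for each marker segment up to and including SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        length = struct.unpack_from(">H", jpeg, pos + 2)[0]
        yield marker, pos, pos + 2 + length
        if marker == 0xDA:  # start of scan: entropy-coded data follows, stop walking
            return
        pos += 2 + length


def _read_tiff(tiff):
    """Decode IFD0 (and the GPS sub-IFD if present) into {tag: value}."""
    bo = "<" if tiff[:2] == b"II" else ">"

    def read_ifd(off):
        n = struct.unpack_from(bo + "H", tiff, off)[0]
        out = {}
        for i in range(n):
            e = off + 2 + 12 * i
            tag, typ, count = struct.unpack_from(bo + "HHI", tiff, e)
            size = TYPE_SIZE.get(typ, 1) * count
            # values of 4 bytes or less are stored inline, larger ones at an offset
            start = e + 8 if size <= 4 else struct.unpack_from(bo + "I", tiff, e + 8)[0]
            raw = tiff[start:start + size]
            if typ == ASCII:
                out[tag] = raw.rstrip(b"\0").decode("ascii", "replace")
            elif typ == LONG:
                out[tag] = struct.unpack(bo + "I", raw)[0]
            elif typ == RATIONAL:
                nums = struct.unpack(bo + "%dI" % (2 * count), raw)
                out[tag] = [nums[j] / nums[j + 1] for j in range(0, len(nums), 2)]
        return out

    ifd0 = read_ifd(struct.unpack_from(bo + "I", tiff, 4)[0])
    if TAG_GPS_IFD in ifd0:
        ifd0["gps"] = read_ifd(ifd0[TAG_GPS_IFD])
    return ifd0


def read_exif(jpeg):
    """Return make/model/timestamp and decimal GPS position, or {} when no Exif is present."""
    for marker, start, end in iter_segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != b"Exif\0\0":
            continue
        ifd = _read_tiff(jpeg[start + 10:end])
        info = {"make": ifd.get(TAG_MAKE), "model": ifd.get(TAG_MODEL),
                "datetime": ifd.get(TAG_DATETIME)}
        gps = ifd.get("gps", {})
        if GPS_LAT in gps and GPS_LON in gps:
            to_dec = lambda dms: dms[0] + dms[1] / 60 + dms[2] / 3600
            info["lat"] = to_dec(gps[GPS_LAT]) * (-1 if gps.get(GPS_LAT_REF) == "S" else 1)
            info["lon"] = to_dec(gps[GPS_LON]) * (-1 if gps.get(GPS_LON_REF) == "W" else 1)
        return info
    return {}


def strip_metadata(jpeg):
    """Copy the file without APP1 (Exif/XMP) and APP13 (Photoshop/IPTC) segments.
    APP0 (JFIF) and APP2 (ICC profile) are kept because decoders may need them."""
    out = bytearray(jpeg[:2])
    pos = 2
    for marker, start, end in iter_segments(jpeg):
        pos = end
        if marker in (0xE1, 0xED):
            continue
        out += jpeg[start:end]
    out += jpeg[pos:]  # scan data and EOI copied untouched
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_jpeg()
    print(read_exif(sample))                  # make, model, datetime, lat, lon
    print(read_exif(strip_metadata(sample)))  # {}
```

In practice you would run a maintained tool (exiftool, mat2) rather than your own parser, but reading the bytes yourself shows what those tools do: the segment is simply absent from the output, and re-reading it returns nothing. Stripping metadata does not remove what is visible in the picture itself, nor the invisible watermarks discussed under Watermarking below.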


Watermarking:


Pictures/Videos/Audio:
Pictures/videos often contain visible watermarks indicating who the owner/creator is, but there are also invisible
watermarks in various products aiming at identifying the viewer itself.


So, if you are a whistleblower and thinking about leaking some picture/audio/video file, think twice. There are
chances that those might contain invisible watermarking that would include information about you as a viewer.
Such watermarks can be enabled with a simple switch in apps like Zoom (video^223 or audio^224) or with
extensions^225 for popular apps such as Adobe Premiere Pro. They can also be inserted by various content
management systems.


For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked:
https://theintercept.com/2021/01/18/leak-zoom-meeting/ [Tor Mirror] [Archive.org]


Such watermarks can be inserted by various products^226,227,228,229 using steganography^230 and can resist
compression^231 and re-encoding^232,233.


These watermarks are not easily detectable and could allow identification of the source despite all efforts.


In addition to watermarks, the camera used for filming (and therefore the device used for filming) a video can also
be identified using various techniques such as lens identification^234 (source camera identification from the sensor’s
noise pattern), which could lead to de-anonymization.


Be extremely careful when publishing videos/pictures/audio files from known commercial platforms, as they might
contain such invisible watermarks in addition to details in the images themselves. There is no guaranteed 100%
protection against those. You will have to use common sense.


Printing Watermarking:
Did you know your printer is most likely spying on you too? Even if it is not connected to any network? This is usually
a known fact to many people in the IT community but to few people outside it.


223 Zoom Support, Adding a watermark https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark [Archive.org]
224 Zoom Support, Audio Watermark https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark [Archive.org]
225 CreativeCloud Extension, IMATAG https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html [Archive.org]
226 NexGuard, https://dtv.nagra.com/nexguard-forensic-watermarking [Archive.org]
227 Vobile Solutions, https://www.vobilegroup.com/ [Archive.org]
228 Cinavia, https://www.cinavia.com/languages/english/pages/technology.html [Archive.org]
229 Imatag, https://www.imatag.com/ [Archive.org]
230 Wikipedia, Steganography https://en.wikipedia.org/wiki/Steganography [Wikiless] [Archive.org]
231 IEEExplore, A JPEG compression resistant steganography scheme for raster graphics images https://ieeexplore.ieee.org/document/4428921 [Archive.org]
232 ScienceDirect, Robust audio watermarking using perceptual masking https://www.sciencedirect.com/science/article/abs/pii/S0165168498000140 [Archive.org]
233 IEEExplore, Spread-spectrum watermarking of audio signals https://ieeexplore.ieee.org/abstract/document/1188746 [Archive.org]
234 Google Scholar, source camera identification https://scholar.google.com/scholar?q=source+camera+identification [Archive.org]
Yes ... Your printers can be used to de-anonymize you as well, as explained by the EFF here: https://www.eff.org/issues/printers [Archive.org] 


With this (old but still relevant) video from the EFF explaining how, as well: https://www.youtube.com/watch?v=izMGMssIZK4U [Invidious] 


Many printers will print an invisible watermark allowing identification of the printer on every printed page. This is called Printer Steganography [235]. There is no tangible way to mitigate this other than informing yourself about your printer and making sure it does not print any invisible watermark. This is important if you intend to print anonymously. 


Here is an (old but still relevant) list of printers and brands which do not print such tracking dots, provided by the EFF: https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots [Archive.org] 


Here are also some tips from the Whonix documentation (https://www.whonix.org/wiki/Printing_and_Scanning [Archive.org]). 


Do not ever print in color: usually, watermarks are not present without color toners/cartridges [236]. 


Pixelized or Blurred Information: 
Did you ever see a document with blurred text? Did you ever make fun of those movies/series where they “enhance” 
an image to recover seemingly impossible-to-read information? 


Well, there are techniques for recovering information from such documents, videos, and pictures. 


Here is, for example, an open-source project you could use yourself to recover text from some blurred images: https://github.com/beurtschipper/Depix [Archive.org] 


(Illustration: a pixelized line of text and the text recovered from it with Depix, “Hello from the other side”) 





This is of course an open-source project available for all to use. But you can imagine that such techniques have probably been used before by other adversaries. These could be used to reveal blurred information from published documents that could then be used to de-anonymize you. 


There are also tutorials for using such techniques with photo editing tools such as GIMP, for example https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b [Scribe.rip] [Archive.org] followed by https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d [Scribe.rip] [Archive.org] 


235 Wikipedia, Printing Steganography https://en.wikipedia.org/wiki/Machine_Identification_Code [Wikiless] [Archive.org] 
236 MIT, SeeingYellow, http://seeingyellow.com/ [Archive.org] 





Finally, you will find plenty of deblurring resources here: https://github.com/subeeshvasu/Awesome-Deblurring [Archive.org] 


Some online services could even help you do this automatically to some extent, like the MyHeritage.com enhance tool: https://www.myheritage.com/photo-enhancer [Archive.org] 


Here is the result of the above image: 





Of course, this tool is more like “guessing” than really deblurring at this point, but it could be enough to find you 
using various reverse image searching services. 


For this reason, it is always extremely important that you correctly redact and curate any document you might want to publish. Blurring is not enough, and you should always completely blacken/remove any sensitive data to avoid any attempt at recovering it by an adversary. Do not pixelize, do not blur; just put a hard black rectangle over the information to redact it. 
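As an added example (not code from the guide or from the Depix project), the following Python script shows why pixelation is reversible while a black rectangle is not. It builds a tiny constructed bitmap font, pixelates a short word the way a mosaic filter would, and then runs the Depix-style check over every candidate word: only the original matches the pixelated version, whereas every candidate of the same length matches the blacked-out version. The font, the secret word and the alphabet are constructed for the demonstration.

```python
from itertools import product
from typing import Callable, Dict, List, Tuple

# Constructed 4x4 bitmap "font" for five glyphs (1 = dark pixel). It stands in
# for the real font a redaction tool would be operating on.
FONT: Dict[str, List[str]] = {
    "A": [".##.", "#..#", "####", "#..#"],
    "B": ["###.", "#..#", "###.", "#..#"],
    "C": [".###", "#...", "#...", ".###"],
    "D": ["##..", "#.#.", "#.#.", "##.."],
    "E": ["####", "#...", "###.", "#..."],
}
GLYPH_SIZE = 4   # glyphs are 4 pixels wide and 4 pixels tall
BLOCK = 2        # pixelation block size: each 2x2 area becomes one value

Image = List[List[int]]
Redacted = Tuple[Tuple[int, ...], ...]


def render(text: str) -> Image:
    """Rasterize text as one row of glyphs: a 4 x (4*len(text)) pixel grid."""
    rows: Image = []
    for y in range(GLYPH_SIZE):
        row: List[int] = []
        for ch in text:
            row.extend(1 if px == "#" else 0 for px in FONT[ch][y])
        rows.append(row)
    return rows


def pixelate(img: Image) -> Redacted:
    """Mosaic filter: replace every BLOCK x BLOCK area by its pixel sum.
    A real tool stores the average colour; the sum carries the same information."""
    height, width = len(img), len(img[0])
    out = []
    for by in range(0, height, BLOCK):
        out.append(tuple(
            sum(img[y][x] for y in range(by, by + BLOCK) for x in range(bx, bx + BLOCK))
            for bx in range(0, width, BLOCK)
        ))
    return tuple(out)


def blackout(img: Image) -> Redacted:
    """Hard black rectangle: every block becomes the same constant, so only the
    size of the rectangle (and hence the text length) survives."""
    height, width = len(img), len(img[0])
    return tuple(tuple(0 for _ in range(0, width, BLOCK)) for _ in range(0, height, BLOCK))


def recover(target: Redacted, redact: Callable[[Image], Redacted],
            alphabet: str, length: int) -> List[str]:
    """Depix-style recovery: redact every candidate string the same way and
    keep the candidates whose redacted form matches the target exactly."""
    return ["".join(c) for c in product(alphabet, repeat=length)
            if redact(render("".join(c))) == target]


if __name__ == "__main__":
    secret = "BAD"  # constructed secret
    print("pixelated  ->", recover(pixelate(render(secret)), pixelate, "ABCDE", 3))
    print("blacked out ->", len(recover(blackout(render(secret)), blackout, "ABCDE", 3)),
          "candidates remain")
```

Note what the black rectangle still reveals: its size. With a fixed-width font the width gives the number of characters, so make the rectangle larger than the sensitive text itself or, for documents, remove the text from the file rather than painting over it.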


Your Cryptocurrencies transactions: 
Contrary to widespread belief, crypto transactions (such as Bitcoin and Ethereum) are not anonymous [237]. Most cryptocurrencies can be tracked accurately through various methods [238] [239]. 


237 arXiv, An Analysis of Anonymity in the Bitcoin System https://arxiv.org/abs/1107.452 

Remember what they say on their page: https://bitcoin.org/en/you-need-to-know [Archive.org] and https://bitcoin.org/en/protect-your-privacy [Archive.org]: “Bitcoin is not anonymous” 


The main issue is not setting up a random crypto wallet to receive some currency behind a VPN/Tor address (at this point, the wallet is anonymous). The issue arises mainly when you want to convert fiat money (Euros, Dollars ...) to crypto and then when you want to cash out your crypto. You will have few realistic options but to transfer those to an exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those exchanges have known wallet addresses and will keep detailed logs (due to KYC [240] financial regulations) and can then trace those crypto transactions back to you using the financial system [241]. 


There are some cryptocurrencies designed with privacy/anonymity in mind, like Monero, but even those have some caveats and warnings to consider [242] [243]. 


Even if you use Mixers or Tumblers [244] (services that specialize in “anonymizing” cryptocurrencies by “mixing them”), keep in mind this is only obfuscation [245] and not actual anonymity [246]. Not only are they only obfuscation, but they could also put you in trouble as you might end up exchanging your Bitcoin against “dirty” Bitcoins that were used in various questionable contexts [247]. 


This does not mean you cannot use Bitcoin anonymously at all. You can actually use Bitcoin anonymously as long as you do not convert it to actual currency and use a Bitcoin wallet from a safe anonymous network. Meaning you should avoid KYC/AML regulations by various exchanges and avoid using the Bitcoin network from any known IP address. See Appendix Z: Paying anonymously online with BTC (or any other cryptocurrency). 


Overall, the best option for using Crypto with reasonable anonymity and privacy is still Monero and you should 
ideally not use any other for sensitive transactions unless you are aware of the limitations and risks involved. 
Please do read Appendix B2: Monero Disclaimer. 


TLDR: Use Monero! 


Your Cloud backups/sync services: 

All companies are advertising their use of end-to-end encryption (E2EE). This is true for almost every messaging app and website. Apple and Google are advertising their use of encryption on their Android devices and their iPhones. 


But what about your backups? Those automated iCloud/Google Drive backups you have? 


Well, you should know that most of those backups are not fully end-to-end encrypted and will hold some of your information readily available for a third party. You will see their claims that data is encrypted at rest and safe from anyone ... except they usually do keep a key to access some of the data themselves. These keys are used by them for indexing your content, recovering your account, and collecting various analytics. 


238 Bellingcat, How To Track Illegal Funding Campaigns Via Cryptocurrency, https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/ [Archive.org] 
239 CoinDesk, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/ [Archive.org] 
240 Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer [Wikiless] [Archive.org] 
241 arXiv.org, Probing the Mystery of Cryptocurrency Theft: An Investigation into Methods for Taint Analysis https://arxiv.org/pdf/1906.05754.pdf [Archive.org] 
242 YouTube, Breaking Monero https://www.youtube.com/watch?v=WOyC60B6ezA&list=PLsSYUeVwrHBnAUre2G_LYDsdo-tDOov-y [Invidious] 
243 Monero, Monero vs Princeton Researchers, https://monero.org/monero-vs-princeton-researchers/ [Archive.org] 
244 Wikipedia, Cryptocurrency Tumbler https://en.wikipedia.org/wiki/Cryptocurrency_tumbler [Wikiless] [Archive.org] 
245 Wikipedia, Security Through Obscurity https://en.wikipedia.org/wiki/Security_through_obscurity [Wikiless] [Archive.org] 
246 ArXiv, Tracking Mixed Bitcoins, https://arxiv.org/abs/2009.14007 [Archive.org] 
247 SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3080361 [Archive.org] 
There are specialized commercial forensics solutions available (Magnet Axiom [248], Cellebrite Cloud [249]) that will help an adversary analyze your cloud data with ease. 


Notable Examples: 

e Apple iCloud: https://support.apple.com/en-us/HT202303 [Archive.org]: “Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices.” 

e Google Drive and WhatsApp: https://faq.whatsapp.com/android/chats/about-google-drive-backups/ [Archive.org]: “Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive.”. However, Facebook/WhatsApp has announced the rollout of end-to-end encrypted backups on October 14th 2021 (https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/ [Archive.org]) which should solve this issue (this hasn't been rolled out everywhere yet). 

e Dropbox: https://www.dropbox.com/privacy#terms [Archive.org] “To provide these and other features, Dropbox accesses, stores, and scans Your Stuff. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with”. 

e Microsoft OneDrive: https://privacy.microsoft.com/en-us/privacystatement [Archive.org]: Productivity and communications products, “When you use OneDrive, we collect data about your usage of the service, as well as the content you store, to provide, improve, and protect the services. Examples include indexing the contents of your OneDrive documents so that you can search for them later and using location information to enable you to search for photos based on where the photo was taken”. 


You should not trust cloud providers with your (not previously and locally encrypted) sensitive data, and you should be wary of their privacy claims. In most cases, they can access your data and provide it to a third party if they want to. 


The only way to mitigate this is to encrypt your data on your side first and only then upload it to such services, or just not use them at all. 


Your Browser and Device Fingerprints: 
Your Browser and Device Fingerprints [250] are a set of properties/capabilities of your system/browser. These are used on most websites for invisible user tracking but also to adapt the website user experience depending on the browser. For instance, websites will be able to provide a “mobile experience” if you are using a mobile browser or propose a specific language/geographic version depending on your fingerprint. Most of those techniques work with recent browsers like Chromium-based [251] browsers (such as Chrome/Edge) or Firefox [252] unless specific measures are taken. 


You can find a lot of detailed information and publications about this on these resources: 
e https://amiunique.org/links [Archive.org] 
e https://brave.com/brave-fingerprinting-and-privacy-budgets/ [Archive.org] 


Most of the time, those fingerprints will, unfortunately, be unique or nearly unique to your browser/system. This means that even if you log out from a website and then log back in using a different username, your fingerprint might remain the same if you did not take precautionary measures. 


An adversary could then use such fingerprints to track you across multiple services even if you have no account on 
any of them and are using adblocking. These fingerprints could in turn be used to de-anonymize you if you keep the 
same fingerprint between services. 


248 Magnet Forensics, Magnet AXIOM https://www.magnetforensics.com/products/magnet-axiom/cloud/ [Archive.org] 
249 Cellebrite, Unlock cloud-based evidence to solve the case sooner https://www.cellebrite.com/en/ufed-cloud/ [Archive.org] 
250 Property of the People, https://propertyofthepeople.org/document-detail/?doc-id=21114562 [Archive.org] 
251 Chromium Documentation, Technical analysis of client identification mechanisms https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms#TOC-Machine-specific-characteristics [Archive.org] 
252 Mozilla Wiki, Fingerprinting https://wiki.mozilla.org/Fingerprinting [Archive.org] 
It should also be noted that while some browsers and extensions will offer some fingerprint resistance, this resistance in itself can also be used to fingerprint you, as explained here: https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/ [Archive.org] 


This guide will mitigate these issues by mitigating, obfuscating, and randomizing many of those fingerprinting identifiers by using virtualization (see Appendix W: Virtualization), following specific recommendations (see Appendix A5: Additional browser precautions with JavaScript enabled and Appendix V1: Hardening your Browsers), and using fingerprinting-resistant browsers (Brave and Tor Browser). 
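Added example, not part of the guide: a small Python model of what a tracker computes. It derives a fingerprint from a constructed set of browser attributes (the login name is deliberately left out), counts how many visitors in a constructed population share that fingerprint, and computes the per-attribute entropy that sites like amiunique.org report. One profile runs a hypothetical anti-fingerprinting add-on that blocks canvas reads, which is the situation described in the palant.info article above: the rare value makes that visitor the only one with their fingerprint. All attribute names, values and user names are made up for the demonstration.

```python
import hashlib
import json
import math
from collections import Counter
from typing import Dict, List

Profile = Dict[str, str]

# Constructed population of visitors as a tracker would see them.
PROFILES: List[Profile] = [
    {"user": "alice",  "ua": "Chrome/96 Win10",  "screen": "1920x1080", "tz": "UTC+1", "canvas": "c1"},
    {"user": "alice2", "ua": "Chrome/96 Win10",  "screen": "1920x1080", "tz": "UTC+1", "canvas": "c1"},
    {"user": "bob",    "ua": "Chrome/96 Win10",  "screen": "1920x1080", "tz": "UTC+1", "canvas": "c1"},
    # Same setup as the Chrome users above, but a hypothetical anti-fingerprinting
    # add-on blocks canvas reads: a rare value, and therefore an identifying one.
    {"user": "carol",  "ua": "Chrome/96 Win10",  "screen": "1920x1080", "tz": "UTC+1", "canvas": "blocked"},
    {"user": "dave",   "ua": "Firefox/95 Win10", "screen": "1920x1080", "tz": "UTC+1", "canvas": "c2"},
    {"user": "erin",   "ua": "Firefox/95 Win10", "screen": "1920x1080", "tz": "UTC+1", "canvas": "c2"},
]
TRACKED = ("ua", "screen", "tz", "canvas")   # the login name is NOT part of it


def fingerprint(profile: Profile) -> str:
    """Identifier a site can compute without any account: a hash over the tracked
    attributes only. Logging out and back in under another name does not change it."""
    material = json.dumps({k: profile[k] for k in TRACKED}, sort_keys=True)
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def anonymity_set(profile: Profile, population: List[Profile]) -> int:
    """How many visitors share this exact fingerprint (1 = uniquely identified)."""
    fp = fingerprint(profile)
    return sum(1 for p in population if fingerprint(p) == fp)


def attribute_entropy(population: List[Profile], attr: str) -> float:
    """Shannon entropy in bits of one attribute across the population, i.e. how
    much identifying information that attribute contributes on its own."""
    counts = Counter(p[attr] for p in population)
    n = len(population)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    for p in PROFILES:
        print(f"{p['user']:7} {fingerprint(p)} shared by {anonymity_set(p, PROFILES)} visitor(s)")
    for a in TRACKED:
        print(f"{a:7} {attribute_entropy(PROFILES, a):.3f} bits")
```

The two "alice" rows model the same browser logging in under two usernames: the fingerprint is identical, which is the cross-account linking the text describes. The "blocked" canvas value carries the most entropy of any attribute in this population, which is why a resistance measure only helps when many other users apply exactly the same one (the Tor Browser approach).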


Local Data Leaks and Forensics: 

Most of you have probably seen enough crime dramas on Netflix or TV to know what forensics are. These are technicians (usually working for law enforcement) that will perform various analyses of evidence. This of course could include your smartphone or laptop. 


While these might be done by an adversary when you already got “burned”, these might also be done randomly 
during a routine control or a border check. These unrelated checks might reveal secret information to adversaries 
that had no prior knowledge of such activities. 


Forensics techniques are now very advanced and can reveal a staggering amount of information from your devices even if they are encrypted [253]. These techniques are widely used by law enforcement all over the world and should be considered. 


Here are some recent resources you should read about your smartphone: 
e UpTurn, The Widespread Power of U.S. Law Enforcement to Search Mobile Phones https://www.upturn.org/reports/2020/mass-extraction/ [Archive.org] 
e New York Times, The Police Can Probably Break Into Your Phone https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html [Archive.org] 
e Vice, Cops Around the Country Can Now Unlock iPhones, Records Show https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police [Archive.org] 


I also highly recommend that you read some documents from a forensics examiner perspective such as: 

e EnCase Forensic User Guide, http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External%20Files/EnCase%20Forensic%20v8.07%20User%20Guide.pdf [Archive.org] 

e FTK Forensic Toolkit, https://accessdata.com/products-services/forensic-toolkit-ftk [Archive.org] 

e SANS Digital Forensics and Incident Response Videos, https://www.youtube.com/c/SANSDigitalForensics/videos 


And finally, here is this very instructive detailed paper on the current state of iOS/Android security from the Johns Hopkins University: https://securephones.io/main.html [254]. 


When it comes to your laptop, the forensics techniques are many and widespread. Many of those issues can be 
mitigated by using full disk encryption, virtualization (See Appendix W: Virtualization), and compartmentalization. 
This guide will later detail such threats and techniques to mitigate them. 


Bad Cryptography: 


There is a frequent adage among the infosec community: “Don’t roll your own crypto!”. 


And there are reasons [255] [256] [257] [258] for that: 


253 Grayshift, https://www.grayshift.com/ [Archive.org] 

254 Securephones.io, Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions https://securephones.io/main.pdf [Archive.org] 

255 Loup-Vaillant.fr, Rolling Your Own Crypto https://loup-vaillant.fr/articles/rolling-your-own-crypto [Archive.org] 

256 Dhole Moments, Crackpot Cryptography and Security Theater https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/ [Archive.org] 
I would not want people discouraged from studying and innovating in the crypto field because of that adage. So instead, I would recommend people to be cautious with “Roll your own crypto” because it is not necessarily good crypto: 

e Good cryptography is not easy and usually takes years of research to develop and fine-tune. 

e Good cryptography is transparent and not proprietary/closed source so it can be reviewed by peers. 

e Good cryptography is developed carefully, slowly, and rarely alone. 

e Good cryptography is usually presented and discussed in conferences and published in various journals. 

e Good cryptography is extensively peer-reviewed before it is released for use in the wild. 

e Using and implementing existing good cryptography correctly is already a challenge. 


Yet, this is not stopping some from doing it anyway and publishing various production Apps/Services using their self-made cryptography or proprietary closed-source methods. 
e You should apply caution when using Apps/Services using closed-source or proprietary encryption methods. All the good crypto standards are public and peer-reviewed and there should be no issue disclosing the one you use. 
e You should be wary of Apps/Services using a “modified” or proprietary cryptographic method [259]. 
e By default, you should not trust any “Roll your own crypto” until it was audited, peer-reviewed, vetted, and accepted by the cryptography community [260] [261]. 


e There is no such thing as “military-grade crypto” [262] [263] [264]. 


Cryptography is a complex topic and bad cryptography could easily lead to your de-anonymization. 


In the context of this guide, I recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods. 


So, what to prefer and what to avoid as of 2021? You will have to look for yourself to get the technical details of each app and see if they are using “bad crypto” or “good crypto”. Once you get the technical details, you could check this page to see what it is worth: https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html [Archive.org] 


Here are some examples: 
e Hashes: 
  o Prefer: SHA-3 or BLAKE2 [265] 
  o Still relatively ok to use: SHA-2 (such as the widely used SHA256 or SHA512) 
  o Avoid: SHA-1, MD5 (unfortunately still widely used), CRC, MD6 (rarely used) 
e File/Disk Encryption: 
  o Prefer: 

257 Vice.com, Why You Don't Roll Your Own Crypto https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto/ [Archive.org] 
258 arXiv, MIT, You Really Shouldn’t Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries https://arxiv.org/pdf/2107.04940.pdf [Archive.org] 

259 YouTube, Great Crypto Failures https://www.youtube.com/watch?v=loy84K3AJ5Q [Invidious] 

260 Cryptography Dispatches, The Most Backdoor-Looking Bug I’ve Ever Seen https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/ [Archive.org] 

261 Citizenlab.ca, Move Fast and Roll Your Own Crypto https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ [Archive.org] 

carom F-Yol au roo) a Mam Mav=M aah ada Meym anlilicc]avasda-\ol-M-lalelay/e)a(e)aM alnd e\<eyMAgal-loll] aa mero) saya Cicluel|e)al-leanal-maanvadaboleaalilit-laveie-le(-e-laleayela(elae 
292313ae6369 [Scribe.rip] [Archive org] 

263 Congruent Labs, Stop calling it "Military-Grade Encryption" https://blog.congruentlabs.co/military-grade-encryption/ [Archive.org] 

264 IronCoreLabs Blog, “Military Grade Encryption” https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588 [Archive.org] 

265 Wikipedia, BLAKE2, https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2 [Wikiless] [Archive.org] 
    = Hardware Accelerated [266]: AES (Rijndael) 256 bits with HMAC-SHA-2 or HMAC-SHA-3 (this is what Veracrypt, Bitlocker, FileVault 2, KeePassXC, and LUKS use by default). Prefer SHA-3. 
    = Non-Hardware Accelerated: Same as accelerated above or, if available, consider: 
      e ChaCha20 [267] or XChaCha20 (you can use ChaCha20 with Kryptor https://www.kryptor.co.uk; unfortunately, it is not available with Veracrypt). 
      e Serpent [268] 
      e TwoFish [269] 
  o Avoid: Pretty much anything else 
e Password Storage: 
  o Prefer: argon2, scrypt, bcrypt, or if not possible at least PBKDF2 (only as a last resort) 
  o Avoid: SHA-3, SHA-2, SHA-1, MD5 
e Browser Security (HTTPS): 
  o Prefer: TLS 1.3 (ideally TLS 1.3 with ECH/eSNI support) or at least TLS 1.2 (widely used) 
  o Avoid: Anything else (TLS <=1.1, SSL <=3) 
e Signing messages/files with PGP/GPG: 
  o Prefer ECDSA (ed25519)+ECDH (ec25519) or RSA 4096 bits* 
    = Consider a more modern [270] alternative to PGP/GPG: Minisign https://jedisct1.github.io/minisign/ [Archive.org] 
  o Avoid: RSA 2048 bits 
e SSH keys: 
  o ED25519 (preferred) or RSA 4096 bits* 
  o Avoid: RSA 2048 bits 


* Warning: RSA and ED25519 are unfortunately not seen as “Quantum Resistant” [271] and, while they have not been broken yet, they probably will be broken someday in the future. It is just a matter of when rather than if RSA will be broken. So, these are preferred in those contexts due to the lack of a better possibility. 
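An added Python example (not from the guide) for the “Password Storage” line above: the same password stored with a bare SHA-256, which the list says to avoid, and with a salted, deliberately slow key derivation function. It prefers `hashlib.scrypt` and falls back to PBKDF2-HMAC-SHA256 only when the interpreter's OpenSSL lacks scrypt, matching the page's ordering. The scrypt parameters, the iteration count and the fixed salt used in the demonstration are assumptions for the example, not recommendations from the guide.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed scrypt parameters for the example; a deployment tunes them to its
# hardware (a higher n costs more memory and time per guess for an attacker too).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
PBKDF2_ITERATIONS = 600_000  # assumed fallback work factor


def naive_sha256(password: str) -> str:
    """What the list says to avoid: a fast, unsalted general-purpose hash.
    Two users with the same password get the same digest, and a precomputed
    table of common passwords hits every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Dict[str, str]:
    """Store a password with a per-user random salt and a slow, memory-hard KDF.
    Prefers scrypt; uses PBKDF2 only if this Python build lacks scrypt support."""
    salt = os.urandom(16) if salt is None else salt
    if hasattr(hashlib, "scrypt"):
        digest = hashlib.scrypt(password.encode(), salt=salt,
                                n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
        kdf = "scrypt"
    else:
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        kdf = "pbkdf2"
    return {"kdf": kdf, "salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: Dict[str, str]) -> bool:
    """Recompute with the stored salt and compare in constant time, so the
    comparison itself does not leak how many leading bytes matched."""
    candidate = hash_password(password, bytes.fromhex(record["salt"]))
    return candidate["kdf"] == record["kdf"] and hmac.compare_digest(candidate["hash"], record["hash"])


def reuse_visible(pw_a: str, pw_b: str, salted: bool) -> bool:
    """True if two stored records reveal that the two passwords are identical."""
    if salted:
        return hash_password(pw_a)["hash"] == hash_password(pw_b)["hash"]
    return naive_sha256(pw_a) == naive_sha256(pw_b)


if __name__ == "__main__":
    users = {"alice": "Tr0ub4dor&3", "bob": "Tr0ub4dor&3"}  # constructed: same password
    print("unsalted SHA-256 reveals the reuse:",
          reuse_visible(users["alice"], users["bob"], salted=False))
    print("salted KDF records reveal the reuse:",
          reuse_visible(users["alice"], users["bob"], salted=True))
    record = hash_password(users["alice"])
    print("stored record:", record)
    print("verify correct password:", verify_password("Tr0ub4dor&3", record))
    print("verify wrong password:  ", verify_password("Tr0ub4dor&4", record))
```

The salt is what makes precomputed tables useless, and the work factor is what makes per-account guessing slow; a plain SHA-2 digest provides neither, which is why it belongs in the "Avoid" line for password storage even though SHA-2 itself is fine as a hash.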


Here are some real cases of issues with bad cryptography: 

e Telegram: https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/ [Archive.org] 

e Telegram: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/ [Archive.org] 

e Cryptocat: https://web.archive.org/web/20130705051050/https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ 

e Some other examples can be found here: https://www.cryptofails.com/ [Archive.org] 


Later this guide will not recommend “bad cryptography” and that should hopefully be enough to protect you? 


No logging but logging anyway policies: 

Many people have the idea that privacy-oriented services such as VPN or E-Mail providers are safe due to their no- 
logging policies or their encryption schemes. Unfortunately, many of those same people forget that all those 
providers are legal commercial entities subject to the laws of the countries in which they operate. 


Any of those providers can be forced to silently (without your knowledge, using for example a court order with a gag order [272] or a national security letter [273]) log your activity to de-anonymize you. There have been several recent examples of this: 


266 Wikipedia, AES Instruction Set, https://en.wikipedia.org/wiki/AES_instruction_set [Wikiless] [Archive.org] 
267 Wikipedia, ChaCha Variants, https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant [Wikiless] [Archive.org] 
268 Wikipedia, Serpent, https://en.wikipedia.org/wiki/Serpent_(cipher) [Wikiless] [Archive.org] 
269 Wikipedia, TwoFish, https://en.wikipedia.org/wiki/Twofish [Wikiless] [Archive.org] 
270 Latacora, The PGP Problem https://latacora.singles/2019/07/16/the-pgp-problem.html [Archive.org] 
271 Wikipedia, Shor’s Algorithm, https://en.wikipedia.org/wiki/Shor%27s_algorithm [Wikiless] [Archive.org] 
272 Wikipedia, Gag Order, https://en.wikipedia.org/wiki/Gag_order [Wikiless] [Archive.org] 
e 2021, ProtonMail, ProtonMail logged IP address of French activist after an order by Swiss authorities [274]. 

e 2021, WindScribe, Servers were not encrypted as they should have been, allowing MITM attacks by authorities [275]. 

e 2021, DoubleVPN servers, logs, and account info seized by law enforcement [276]. 

e 2021, The Germany-based mail provider Tutanota was forced to monitor specific accounts for 3 months [277]. 

e 2020, The Germany-based mail provider Tutanota was forced to implement a backdoor to intercept and save copies of the unencrypted e-mails of one user [278] (they did not decrypt the stored e-mail). 

e 2017, PureVPN was forced to disclose information of one user to the FBI [279]. 

e 2014, an EarthVPN user was arrested based on logs provided to the Dutch Police [280]. 

e 2013, Secure E-Mail provider Lavabit shuts down after fighting a secret gag order [281]. 

e 2011, HideMyAss user was de-anonymized, and logs were provided to the FBI [282]. 


Some providers have implemented the use of a Warrant Canary [283] that would allow their users to find out if they have been compromised by such orders, but this has not been tested yet as far as I know. 


Finally, it is now well known that some companies might be sponsored front ends for some state adversaries (see the Crypto AG story [284] and Omnisec story [285]). 


For these reasons, you mustn't trust such providers for your privacy despite all their claims. In most cases, you will 
be the last person to know if any of your accounts were targeted by such orders and you might never know at all. 


To mitigate this, in cases where you want to use a VPN, I will recommend the use of a cash/Monero-paid VPN provider over Tor to prevent the VPN service from knowing any identifiable information about you. 


If the VPN provider knows nothing about you, it should mitigate any issue due to them not logging but logging 
anyway. 


273 Wikipedia, National Security Letter https://en.wikipedia.org/wiki/National_security_letter [Wikiless] [Archive.org] 

274 TechCrunch, ProtonMail logged IP address of French activist after order by Swiss authorities https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ [Archive.org] 
275 ArsTechnica, VPN servers seized by Ukrainian authorities weren’t encrypted https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/ [Archive.org] 

276 BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/ [Archive.org] 

277 CyberScoop, Court rules encrypted email provider Tutanota must monitor messages in blackmail case https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/ [Archive.org] 

278 Heise Online (German), https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html [Archive.org] 

279 PCMag, Did PureVPN Cross a Line When It Disclosed User Information? https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information [Archive.org] 

280 Internet Archive, Wipeyourdata, “No logs” EarthVPN user arrested after police finds logs https://archive.is/KNuVwi#selection-230.0-230.1 [Archive.org] 

281 Wikipedia, Lavabit Suspension and Gag order, https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order [Wikiless] [Archive.org] 

282 Internet Archive, Invisibler, What Everybody Ought to Know About HideMyAss https://archive.is/ag9w4#selection-136.0- 

283 Wikipedia, Warrant Canary https://en.wikipedia.org/wiki/Warrant_canary [Wikiless] [Archive.org] 

284 Washington Post, The intelligence coup of the century https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ [Archive.org] 

285 Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432 [Archive.org] 
Some Advanced targeted techniques: 

(Illustration: an excellent movie I highly recommend: Das Leben der Anderen [286]) 


Many advanced techniques can be used by skilled adversaries [287] to bypass your security measures provided they already know where your devices are. Many of those techniques are detailed here https://cyber.bgu.ac.il/advanced-cyber/airgap [Archive.org] (Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel) but also in this report https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf [Archive.org] (ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and include: 
e Attacks requiring malware implants: 
  o Exfiltration of Data through a Malware infected Router: https://www.youtube.com/watch?v=mSNt4h7EDKo [Invidious] 
  o Exfiltration of Data through observation of Light variation in a Backlit keyboard with a compromised camera: https://www.youtube.com/watch?v=1kBGDHVr7x0 [Invidious] 
    = Exfiltration of Data through a compromised Security Camera (that could first use the previous attack) https://www.youtube.com/watch?v=om5fNqkjj2M [Invidious] 
    = Communication from outsider to compromised Security Cameras through IR light signals: https://www.youtube.com/watch?v=auoYKSzdOj4 [Invidious] 
  o Exfiltration of data from a compromised air-gapped computer through acoustic analysis of the FAN noises with a smartphone https://www.youtube.com/watch?v=v2_sZIfZkDQ [Invidious] 
  o Exfiltration of Data from a malware-infected air-gapped computer through HDD LEDs with a Drone https://www.youtube.com/watch?v=4vlu8ld68fc [Invidious] 
  o Exfiltration of data from a USB malware on an air-gapped computer through electromagnetic interferences https://www.youtube.com/watch?v=E28V1t-k8Hk [Invidious] 
  o Exfiltration of data from a malware-infected HDD drive through covert acoustic noise https://www.youtube.com/watch?v=H7IQXmSLIiP8 [Invidious] 
  o Exfiltration of data through GSM frequencies from a compromised (with malware) air-gapped computer https://www.youtube.com/watch?v=RChj7Mg3rC4 [Invidious] 
  o Exfiltration of data through electromagnetic emissions from a compromised Display device https://www.youtube.com/watch?v=20zTWiGI1rM&t=20s [Invidious] 
  o Exfiltration of data through magnetic waves from a compromised air-gapped computer to a Smartphone stored inside a Faraday bag https://www.youtube.com/watch?v=yz8E5n1Tzlo [Invidious] 
  o Communication between two compromised air-gapped computers using ultrasonic sound waves https://www.youtube.com/watch?v=yz8E5n1Tzlo [Invidious] 
  o Exfiltration of Bitcoin Wallet from a compromised air-gapped computer to a smartphone https://www.youtube.com/watch?v=2WtiHZNevey [Invidious] 


286 Wikipedia, Das Leben der Anderen https://en.wikipedia.org/wiki/The_Lives_of_Others [Wikiless] [Archive.org]
287 Wired, Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets https://www.wired.com/story/air-gap-researcher-mordechai-guri/ [Archive.org]












o Exfiltration of Data from a compromised air-gapped computer using display brightness
https://www.youtube.com/watch?v=ZrkZUO2g4DE [Invidious]

o Exfiltration of Data from a compromised air-gapped computer through vibrations
https://www.youtube.com/watch?v=XGD343nq1dg [Invidious]

o Exfiltration of Data from a compromised air-gapped computer by turning RAM into a Wi-Fi emitter
https://www.youtube.com/watch?v=vhNnc0In63c [Invidious]

o Exfiltration of Data from a compromised air-gapped computer through power lines
https://arxiv.org/abs/1804.04014 [Archive.org]

e Attacks not requiring malware: 

o Observing a blank wall in a room from a distance to figure out how many people are in a room and what
they are doing288. Publication with demonstration: http://wallcamera.csail.mit.edu/ [Archive.org]

o Observing a reflective bag of snacks in a room from a distance to reconstruct the entire room289.
Publication with photographic examples: https://arxiv.org/abs/2001.04642 [Archive.org]

o Measuring floor vibrations to identify individuals and determine their health condition and mood290.
Publication with demonstration: https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html [Archive.org]

o Observing a light bulb from a distance to listen to the sound in the room291 without any malware:
Demonstration: https://www.youtube.com/watch?v=t32QvpfOHaqw [Invidious]. It should be noted that
this type of attack is not new at all and there have been articles about such techniques as far back as
2013292 and that you can even buy devices to perform this yourself such as here:
http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html [Archive.org]




Here is also a good video from the same authors to explain those topics: Black Hat, The Air-Gap Jumpers
https://www.youtube.com/watch?v=YKRtFgunyj4 [Invidious]
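What every malware-based item in the list above has in common is a modem: the implant frames some data, drives a physical emitter the operating system never treats as an output (an LED, fan speed, display brightness, a DRAM bus), and a sensor within range demodulates it. The following toy model is an added illustration written for this page; it is not code from this guide or from the cited researchers. The frame layout (preamble, 8-bit length, CRC-32), the symbol period, and the sensor model (constant ambient offset plus Gaussian noise) are assumptions of the example, not a description of any specific attack.

```python
"""
Toy model of an air-gap covert channel: a compromised host modulates data onto
an on/off physical emission (LED, fan speed, display brightness) and a nearby
sensor recovers it from a noisy reading. Added illustration; the framing, the
symbol period and the sensor model are assumptions, not the cited research.
"""
import random
import zlib
from typing import List, Optional

PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]   # sync pattern; receiver aligns on its first edge
SAMPLES_PER_SYMBOL = 10               # sensor samples per transmitted bit


def frame(payload: bytes) -> List[int]:
    """Bit frame: PREAMBLE | 8-bit length | payload | CRC-32 of payload."""
    if len(payload) > 255:
        raise ValueError("payload too long for the 8-bit length field")
    body = bytes([len(payload)]) + payload + zlib.crc32(payload).to_bytes(4, "big")
    bits = list(PREAMBLE)
    for byte in body:
        bits.extend((byte >> i) & 1 for i in range(7, -1, -1))   # MSB first
    return bits


def modulate(bits: List[int], idle_symbols: int = 3) -> List[float]:
    """Hold the emitter at 1.0 or 0.0 for one symbol period per bit, preceded by
    idle time so the receiver has to locate the frame itself."""
    stream = [0.0] * (idle_symbols * SAMPLES_PER_SYMBOL)
    for b in bits:
        stream.extend([1.0 if b else 0.0] * SAMPLES_PER_SYMBOL)
    return stream


def sensor(signal: List[float], noise: float = 0.2, ambient: float = 0.3,
           seed: int = 1) -> List[float]:
    """Constructed receiver model: constant ambient offset plus Gaussian noise."""
    rng = random.Random(seed)
    return [s + ambient + rng.gauss(0.0, noise) for s in signal]


def _moving_average(values: List[float], radius: int) -> List[float]:
    out = []
    for i in range(len(values)):
        window = values[max(0, i - radius):i + radius + 1]
        out.append(sum(window) / len(window))
    return out


def demodulate(samples: List[float]) -> List[int]:
    """Threshold halfway between the observed extremes, align on the first
    rising edge, then decide each bit from a short window at the symbol centre."""
    smooth = _moving_average(samples, 1)
    thresh = (min(smooth) + max(smooth)) / 2
    start = next((i for i, v in enumerate(smooth) if v > thresh), None)
    if start is None:
        return []
    bits = []
    for centre in range(start + SAMPLES_PER_SYMBOL // 2, len(samples), SAMPLES_PER_SYMBOL):
        window = samples[max(0, centre - 2):centre + 3]
        bits.append(1 if sum(window) / len(window) > thresh else 0)
    return bits


def deframe(bits: List[int]) -> Optional[bytes]:
    """Scan for the preamble, parse length, check CRC-32; None if no valid frame."""
    n = len(PREAMBLE)
    for start in range(len(bits) - n + 1):
        if bits[start:start + n] != PREAMBLE:
            continue
        pos = start + n
        if pos + 8 > len(bits):
            break
        length = int("".join(map(str, bits[pos:pos + 8])), 2)
        pos += 8
        need = (length + 4) * 8
        if pos + need > len(bits):
            continue          # false sync or truncated capture; keep scanning
        raw = int("".join(map(str, bits[pos:pos + need])), 2).to_bytes(length + 4, "big")
        payload, crc = raw[:length], raw[length:]
        if zlib.crc32(payload).to_bytes(4, "big") == crc:
            return payload
    return None


def exfiltrate(payload: bytes, noise: float = 0.2, seed: int = 1) -> Optional[bytes]:
    """Full path: frame -> emitter -> noisy sensor -> demodulate -> deframe."""
    samples = sensor(modulate(frame(payload)), noise=noise, seed=seed)
    return deframe(demodulate(samples))


if __name__ == "__main__":
    print(exfiltrate(b"secret"))             # b'secret'
    print(exfiltrate(b"secret", noise=3.0))  # None: too noisy, CRC never matches
```

The real channels differ in carrier (sound, EM, light, vibration, power draw), modulation and bit rate, but the point for a defender is identical: once an implant controls any observable emitter, software controls on the air-gapped host no longer help, and only the physical measures listed below (Faraday cage, soundproofing, no cameras or visible light bulbs, no shared power line) remain.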


Realistically, this guide will be of little help against such adversaries, as such malware could be implanted on the
devices by a manufacturer, by anyone in the middle293, or by anyone with physical access to the air-gapped computer,
but there are still some ways to mitigate such techniques:
e Do not conduct sensitive activity while connected to an untrusted/unsecured power line to prevent power
line leaks.
e Do not use your devices in front of a camera that could be compromised.
e Use your devices in a soundproofed room to prevent sound leaks.
e Use your devices in a Faraday cage to prevent electromagnetic leaks.
e Do not talk about sensitive information where lightbulbs could be seen from outside.
e Buy your devices from different/unpredictable/offline places (shops) where the probability of them being
infected with such malware is lower.
e Do not let anyone access your air-gapped computers except trusted people.


Some bonus resources: 


e Have a look at the Whonix Documentation concerning Data Collection techniques here:
https://www.whonix.org/wiki/Data_Collection_Techniques [Archive.org]


288 Scientific American, A Blank Wall Can Show How Many People Are in a Room and What They’re Doing
https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/
[Archive.org]

289 Scientific American, A Shiny Snack Bag’s Reflections Can Reconstruct the Room around It
https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/ [Archive.org]

290 Scientific American, Footstep Sensors Identify People by Gait https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/ [Archive.org]

291 Ben Nassi, Lamphone, https://www.nassiben.com/lamphone [Archive.org]

292 The Guardian, Laser spying: is it really practical? https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices [Archive.org]

293 ArsTechnica, Photos of an NSA “upgrade” factory show Cisco router getting implant https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ [Archive.org]
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e You might also enjoy looking at this service https://tosdr.org/ [Archive.org] (Terms of Service; Didn’t Read) that
will give you a good overview of the various ToS of many services.

e Have a look at https://www.eff.org/issues/privacy [Archive.org] for some more resources.

e Have a look at https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects [Wikiless]
[Archive.org] to have an overview of all known mass-surveillance projects, current, and past.

e Have a look at https://www.gwern.net/Death-Note-Anonymity [Archive.org] (even if you don’t know about Death
Note).

e Consider finding and reading Michael Bazzell’s book “Open-Source Intelligence Techniques” (eighth edition
as of this writing) to find out more about recent OSINT techniques: https://inteltechniques.com/book1.html

e Finally, check https://www.freehaven.net/anonbib/date.html [Archive.org] for the latest academic papers related
to Online Anonymity.


Notes: 
If you still do not think such information can be used by various actors to track you, you can see some statistics for
yourself for some platforms. Keep in mind that those only account for lawful data requests and do not
count things like PRISM, MUSCULAR, SORM or XKEYSCORE explained earlier:
e Google Transparency Report https://transparencyreport.google.com/user-data/overview [Archive.org]
e Facebook Transparency Report https://transparency.facebook.com/ [Archive.org]
e Apple Transparency Report https://www.apple.com/legal/transparency/ [Archive.org]
e Cloudflare Transparency Report https://www.cloudflare.com/transparency/ [Archive.org]
e Snapchat Transparency Report https://www.snap.com/en-US/privacy/transparency [Archive.org]
e Telegram Transparency Report https://t.me/transparency [Archive.org] (requires Telegram installed)
e Microsoft Transparency Report https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report [Archive.org]
e Amazon Transparency Report
https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF [Archive.org]
e Dropbox Transparency Report https://www.dropbox.com/transparency [Archive.org]
e Discord Transparency Report https://blog.discord.com/discord-transparency-report-jan-june-2020-2ef4a3ee346d [Archive.org]
e GitHub Transparency Report https://github.blog/2021-02-25-2020-transparency-report/ [Archive.org]
e TikTok Transparency Report https://www.tiktok.com/safety/resources/transparency-report?lang=en
[Archive.org]
e Reddit Transparency Report https://www.reddit.com/wiki/transparency [Archive.org]
e Twitter Transparency Report https://transparency.twitter.com/ [Archive.org]


General Preparations: 


Personally, in the context of this guide, it is also interesting to have a look at your security model. And in this context,
I only have one to recommend:


Zero-Trust Security*”? (“Never trust, always verify”). 


Here are some various resources about what Zero-Trust Security is: 
e DEFCON, Zero Trust a Vision for Securing Cloud, https://www.youtube.com/watch?v=euSsqXO53GyY [Invidious]
e From the NSA themselves, Embracing a Zero Trust Security Model,
https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_U00115131-21.PDF [Archive.org]


Picking your route: 
First, here is a small basic UML diagram showing your available options according to your
skills/budget/time/resources.
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
[Diagram: route-selection flowchart. Its nodes read: “See what routes are available to you”; “No time / No skills / No budget / No resources” leading to “Tor Browser Route”; “Dedicated Laptop? Using M1 Mac?”; “NO (Shared/Work...)” leading to “Tails Route”; “Do you have time?”; laptop specs “LOW-END”, “MID-RANGE”, “HIGH-END”; “Skill Level?” with “MEDIUM” leading to “Tor Browser, Tails, Whonix Routes” or “Any Route (Qubes OS possible)”, and a higher skill level leading to “Any Route (Qubes OS recommended)”. The same decision tree is spelled out in the lists below.]
e You have no time at all:
o Go for the Tor Browser route.
e You have extremely limited time to learn and need a fast working solution:
o Your best option is to go for the Tails route (excluding the persistent plausible deniability section).
e You have time and, more importantly, motivation to learn:
o Go with any route.


e You have no budget and even accessing a laptop is complicated, or you only have your smartphone:
o Go for the Tor Browser route.
e You only have one laptop available and cannot afford anything else. You use this laptop for either work,
family, or your personal stuff (or both):
o Your best option is to go for the Tails route.
e You can afford a spare dedicated unsupervised/unmonitored laptop for your sensitive activities:
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o But it is old, slow, and has bad specs (less than 6GB of RAM, less than 250GB disk space, old/slow
CPU):
= You should go for the Tails route.
o It is not that old, and it has decent specs (at least 6GB of RAM, 250GB of disk space or more, decent
CPU):
= You could go for the Tails or Whonix routes.
o It is new and it has great specs (more than 8GB of RAM, >250GB of disk space, recent fast CPU):
= You could go for any route, but I would recommend Qubes OS if your threat model allows for
it.
o If it is an ARM-based M1 Mac:
= Not possible currently for these reasons:
e Virtualization of x86 images on ARM M1 Macs is still limited to commercial
software (Parallels) which is not supported by Whonix yet.
e VirtualBox is not available for ARM architecture yet.
e Whonix is not supported on ARM architecture yet.
e Tails is not supported on ARM architecture yet.
e Qubes OS is not supported on ARM architecture yet.


Your only option on M1 Macs is probably to stick with Tor Browser for now. But I would guess that if you can
afford an M1 Mac you should probably get a dedicated x86 laptop for more sensitive activities.


Skills: 
e Do you have no IT skills at all, and does the content of this guide look like an alien language to you? Consider:
o The Tor Browser route (simplest of all).
o The Tails route (excluding the persistent plausible deniability section).
e You have some IT skills and mostly understand this guide so far, consider:
o The Tails route (with the optional persistent plausible deniability section).
o The Whonix route.
e You have moderate to high IT skills, and you are already familiar with some of the content of this guide,
consider:
o Any route (Qubes OS is preferred if you can afford it).
e You are an l33t hacker, “there is no spoon”, “the cake is a lie”, you have been using “doas” for years, “all
your base is belong to us”, and you have strong opinions on systemd.
o This guide is not meant for you and will not help you with your HardenedBSD on your hardened
Libreboot laptop.


Adversarial considerations:
Now that you know what is possible, you should also consider threats and adversaries before picking the right route. 


Threats: 

e If your main concern is a forensic examination of your devices, you should consider:
o The Tor Browser route.
o The Tails route.

e If your main concerns are remote adversaries that might uncover your online identity in various platforms,
you should consider:
o The Tails route.
o The Whonix route.
o The Qubes OS route (best but requires budget/time and some skills).

e If you want system-wide plausible deniability294 despite the risks295, consider:


294 Wikipedia, Rubber-hose Cryptanalysis https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

295 Defuse.ca, TrueCrypt's Plausible Deniability is Theoretically Useless https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm [Archive.org]
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o The Tails Route including the persistent plausible deniability section (see Persistent Plausible
Deniability using Whonix within Tails).
o The Whonix Route (this is possible on both Windows and Linux but will require more skills to
achieve on Linux).

e If you are in a hostile environment where Tor/VPN usage alone is impossible/dangerous/suspicious,
consider:
o The Tails route (without actually using Tor).
o The Whonix route (without using Whonix).
o The Qubes OS route (without actually using Whonix).


Adversaries: 
e Low skills: 
o Low resources: 
=» Any motivation: Any Route 
o Medium resources: 
= Low to Medium motivation: Any Route
=" High motivation: TAILS, Whonix, Qubes OS Routes 
o High resources: 
= Low motivation: Any route 
=" Medium to High motivation: TAILS, Whonix, Qubes OS Routes 
e Intermediate skills: 
o Low resources: 
= Low motivation: Any Route 
=" Medium to High motivation: TAILS, Whonix, Qubes OS Routes 
o Medium resources: 
= Low motivation: Any Route 
=" Medium to High motivation: TAILS, Whonix, Qubes OS Routes 
o High resources: 
=" Low to High motivation: TAILS, Whonix, Qubes OS Routes 
e = Highly skilled: 
o Low resources: 
= Low motivation: Any Route 
=" Medium to High motivation: TAILS, Whonix, Qubes OS Routes 
o Medium resources: 
= Low to High motivation: TAILS, Whonix, Qubes OS Routes 
o High resources: 
= Low to High motivations: TAILS, Whonix, Qubes OS Routes (but likely out of scope from this 
guide as this is probably a global adversary) 


In all cases, you should read these two pages from the Whonix documentation that will give you in-depth insight into 
your choices: 

e https://www.whonix.org/wiki/Warning [Archive.org]

e https://www.whonix.org/wiki/Dev/Threat_Model [Archive.org]

e https://www.whonix.org/wiki/Comparison_with_Others [Archive.org]


You might be asking yourself: “How do I know if I’m in a hostile online environment where activities are actively
monitored and blocked?”
e First read more about it at the EFF here: https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship [Archive.org]
e Check some data yourself here on the Tor Project OONI296 (Open Observatory of Network Interference)
website: https://explorer.ooni.org/


296 Wikipedia, OONI, https://en.wikipedia.org/wiki/OONI [Wikiless] [Archive.org]
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e Have a look at https://censoredplanet.org/ and see if they have data about your country.
e Specific to China, look at https://gfwatch.org/ and https://www.usenix.org/system/files/sec21-hoang.pdf
[Archive.org]
e Test for yourself using OONI (this can be risky in a hostile environment).


Steps for all routes: 


Getting used to using better passwords: 
See Appendix A2: Guidelines for passwords and passphrases. 


Getting an anonymous Phone number:
Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms but just 
want anonymous browsing or if the platforms you will use allow registration without a phone number. 


Physical Burner Phone and prepaid SIM card: 

Get a burner phone: 

This is rather easy. Leave your smartphone on and at home. Have some cash and go to some random flea market or 
small shop (ideally one without CCTV inside or outside and while avoiding being photographed/filmed) and just buy 
the cheapest phone you can find with cash and without providing any personal information. It only needs to be in 
working order. 


I would recommend getting an old “dumbphone” with a removable battery (an old Nokia, if your mobile networks still
allow those to connect, as some countries phased out 1G-2G completely). This is to avoid the automatic
sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any
Wi-Fi.


Side Note: Be careful of some sellers as shown here https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/ [Archive.org]


You should never power on that burner phone (not even without the SIM card) in any geographical
location that could lead to you (at your home/work for instance) and never at the same location as your other
known smartphone (because that one has an IMEI/IMSI that will easily lead to you). This might seem like a big
burden, but it is not, as these phones are only being used during the setup/sign-up process and for verification from
time to time.


See Appendix N: Warning about smartphones and smart devices 


You should test that the phone is in working order before going to the next step. But I will repeat myself and state
that it is important to leave your smartphone at home when going (or turn it off before leaving if you must keep it)
and that you test the phone at a random location that cannot be tracked back to you (and again, do not do that in
front of a CCTV, avoid cameras, be aware of your surroundings). No need for Wi-Fi at this place either.


When you are certain the phone is in working order, disable Bluetooth then power it off (remove the battery if you 
can) and go back home and resume your normal activities. Go to the next step. 


Getting an anonymous pre-paid SIM card: 
This is the hardest part of the whole guide. It is a SPOF (Single Point of Failure). The places where you can still buy
prepaid SIM cards without ID registration are getting increasingly limited due to various KYC type regulations297.


So here is a list of places where you can still get them now: https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country [Archive.org]


You should be able to find a place that is “not too far” and just go there physically to buy some pre-paid cards and 
top-up vouchers with cash. Do verify that no law was passed before going that would make registration mandatory 
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(in case the wiki listed above is not updated). Try to avoid CCTV and cameras and do not forget to buy a top-up voucher
with the SIM card (if it is not a package) as most pre-paid cards will require a top-up before use.


297 Privacy International, Timeline of SIM Card Registration Laws https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws [Archive.org]


See Appendix N: Warning about smartphones and smart devices 


Double-check that the mobile operators selling the pre-paid SIM cards will accept the SIM activation and top-up 
without any ID registration of any kind before going there. Ideally, they should accept SIM activation and top-up 
from the country you live in. 


I would recommend GiffGaff in the UK as they are “affordable”, do not require identification for activation and top-
up, and will even allow you to change your number up to two times from their website. One GiffGaff prepaid SIM
card will therefore grant you three numbers to use for your needs.


Power off the phone after activation/top-up and before going home. Do not ever power it on again unless you are
in a safe place that cannot be used to reveal your identity, and ideally leave your real phone on but at home before going
to the safe place with only your burner phone.


Online Phone Number: 

DISCLAIMER: Do not attempt this until you are done setting up a secure environment according to one of the 
selected routes. This step will require online access and should only be done from an anonymous network. Do not 
do this from any known/unsecured environment. Skip this until you have finished one of the routes. 


There are many commercial services offering numbers to receive SMS messages online but most of those have no
anonymity/privacy and can be of no help, as most Social Media platforms place a limit on how many times a phone
number can be used for registration.


There are some forums and subreddits (like r/phoneverification/) where users will offer the service of receiving such 
SMS messages for you for a small fee (using PayPal or some crypto payment). Unfortunately, these are full of 
scammers and very risky in terms of anonymity. You should not use those under any circumstance. 


To this date, I do not know any reputable service that would offer this service and accept cash payments (by post for
instance). But there are a few services providing online phone numbers that do accept Monero,
which could be reasonably anonymous (yet less recommended than the physical way in the earlier chapter), that
you could consider:
e Recommended: Do not require any identification (even e-mail):
o (Iceland based, accepts Monero) https://crypton.sh [or Mirror] [Archive.org]
o (Ukraine based, accepts Monero) https://virtualsim.net/ [Archive.org]
e Do require identification (valid e-mail):
o (US California based, accepts Monero) https://mobilesms.io [Archive.org]
o (Germany based, accepts Monero) https://www.sms77.io/ [Archive.org]
o (Russia based, accepts Monero) https://onlinesim.ru/ [Archive.org]


There are some other possibilities listed here https://cryptwerk.com/companies/sms/xmr/ [Archive.org]. Use at your
own risk.


Now, what if you have no money? Well, in that case, you will have to try your luck with free services and hope for 
the best. Here are some examples, use at your own risk: 


e =https://oksms.org 
e https://smspva.com 
e =https://sms24.me 


DISCLAIMER: I cannot vouch for any of these providers and therefore I will still recommend doing it yourself
physically. In this case, you will have to rely on the anonymity of Monero and you should not use any service that
requires any kind of identification using your real identity. Please do read Appendix B2: Monero Disclaimer.
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Therefore, in my opinion, it is just more convenient, cheaper, and less risky to just get a pre-paid SIM card from one of the
physical places that still sell them for cash without requiring ID registration. But at least there is an alternative if you 
have no other choice. 


Get a USB key: 
Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms but just 
want anonymous browsing or if the platforms you will use allow registration without a phone number. 


Get at least one or two decent size generic USB keys (at least 16GB, but I would recommend 32GB).


Please do not buy or use gimmicky self-encrypting devices such as these:
https://syscall.eu/blog/2018/03/12/aigo_part1/ [Archive.org]


Some might be very efficient298 but many are gimmicky gadgets that offer no real protection299.


Find some safe places with decent public Wi-Fi: 
You need to find safe places where you will be able to do your sensitive activities using some publicly accessible Wi- 
Fi (without any account/ID registration, avoid CCTVs). 


This can be anywhere that will not be tied to you directly (your home/work) and where you can use the Wi-Fi for a 
while without being bothered. But also, a place where you can do this without being “noticed” by anyone. 


If you think Starbucks is a clever idea, you may reconsider: 
e They probably have CCTVs in all their shops and keep those recordings for an unknown amount of time. 
e You will need to buy a coffee to get the Wi-Fi access code in most. If you pay for this coffee with an 
electronic method, they will be able to tie your Wi-Fi access with your identity. 


Situational awareness is key, and you should be constantly aware of your surroundings and avoid touristy places like
they were plagued by Ebola. You want to avoid appearing on any picture/video of anyone while someone is taking a
selfie, making a TikTok video, or posting some travel pictures on their Instagram. If you do, remember chances are
high that those pictures will end up online (publicly or privately) with full metadata attached to them
(time/date/geolocation) and your face. Remember these can and will be indexed by Facebook/Google/Yandex/Apple
and probably all three-letter agencies.


While this will not be available yet to your local police officers, it could be in the near future. 


You will ideally need a set of 3-5 separate places such as this to avoid using the same place twice. Several trips will be 
needed over the weeks for the various steps in this guide. 


You could also consider connecting to these places from a safe distance for added security. See Appendix Q: Using 
long-range Antenna to connect to Public Wi-Fis from a safe distance. 


The Tor Browser route: 

This part of the guide will help you in setting up the simplest and easiest way to browse the web anonymously. It is
not necessarily the best method and there are more advanced methods below with (much) better security and
(much) better mitigations against various adversaries. Yet, this is a straightforward way of accessing resources
anonymously and quickly with no budget, no time, no skills, and limited usage.


So, what is Tor Browser? Tor Browser (https://www.torproject.org/ [Archive.org]) is a web browser like
Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind.


This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion
Routing. I first recommend that you watch this very nice introduction video by the Tor Project themselves:
https://www.youtube.com/watch?v=JWII85UlzKw [Invidious] and if you want, you should probably head over to their page to


298 NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes
https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html [Archive.org]
299 Usenix.org, Shedding too much Light on a Microcontroller’s Firmware Protection
https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf [Archive.org]
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read their quick overview here: https://2019.www.torproject.org/about/overview.html.en [Archive.org]. Without going
into too many technical details, Tor Browser is an easy and simple “fire and forget” solution to browse the web 
anonymously from pretty much any device. It is probably sufficient for most people and can be used from any 
computer or smartphone. 


Here are several ways to set it up for all main OSes. 


Windows, Linux, and macOS:
Please see Appendix Y: Installing and using desktop Tor Browser. 


Android:

e Head over to: 
o Play Store: https://play.google.com/store/apps/details?id=org.torproject.torbrowser 
o F-Droid Store: It’s not yet there but you can add it manually following the instructions at
https://support.torproject.org/tormobile/tormobile-7/ [Archive.org]

e Install 

e Launch Tor Browser 

e After Launching, click the upper right Settings icon 

e Select “Config Bridge” and read Appendix X: Using Tor bridges in hostile environments 

e If needed (after reading the appendix above), activate the option and select the type of bridge you want: 
o Obfs4 
o Meek-Azure 
o Snowflake 


Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek- 
Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the 
best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked. 


e You are almost done


As with the desktop version, you need to know there are safety levels in Tor Browser. On Android, you can access 
these by following these steps: 

e Click the menu (bottom right) 

e = Click Settings 

e Head over to the Privacy and security section 

e Click Security Settings 


You will find details about each level here: https://tb-manual.torproject.org/security-settings/ [Archive.org] but here is a
summary:
e Standard (the default):
o All features are enabled (including JavaScript)
e Safer:
o JavaScript is disabled on non-HTTPS websites
o Some fonts and symbols are disabled
o Any media playback is “click to play” (disabled by default)
e Safest:
o JavaScript is disabled everywhere
o Some fonts and symbols are disabled
o Any media playback is “click to play” (disabled by default)


| would recommend the “Safer” level for most cases. The Safest level should only be enabled if you think you are 
accessing suspicious or dangerous websites or if you are extra paranoid. 


However, the Safer level should be used with some extra precautions while using some websites: see Appendix A5: 
Additional browser precautions with JavaScript enabled. 
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iOS:
While the official Tor Browser is not yet available for iOS, there is an alternative called Onion Browser endorsed by
the Tor Project300.


e Head over to https://apps.apple.com/us/app/onion-browser/id519296448 

e Install

e Disable Wi-Fi and Mobile Data 

e Launch Onion Browser 

e After Launching, click the upper right Settings icon (Disabling Wi-Fi and Mobile Data previously were to 

prevent Onion Browser from connecting automatically and to allow access to these options). 

e Select “Bridge Configuration” and read Appendix X: Using Tor bridges in hostile environments 

e If needed (after reading the appendix above), activate the option and select the type of bridge you want: 
o Obfs4 
o Snowflake 
o (Meek-Azure is unfortunately not available on Onion Browser for iOS for some reason) 


Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a 
Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and 
want to bypass the Great Firewall. It is probably the best option you have on iOS. 


e You are almost done 


As with the desktop version, you need to know there are safety levels in Onion Browser. On iOS, you can access 
these by following these steps: 
e Click the shield icon (upper left) 
Cm COLUM II Mar-hVoM dal aa\om (=\.-) KOM oli) @igelan 

o 1. Gold: Ideal if you are suspicious, paranoid, or accessing what you think are dangerous resources. 
=" JavaScript is disabled 
LA AV{=) osYol ol <=} oH C1=10) (oXer- 1010) aFar-] ae. (m la We] come) Ky-] 0) (=1e| 
=" No Video or Audio 
ia fa) <swor-] a) ae luxe) of-1aW-V 0) 03 
=" WebRTC is blocked 
= Mixed HTTP/HTTPS is blocked 
ey Xo cir] alo re) ofa ©) ofsir-] a1 0) Koel <X0| 

o 2. Silver: 
=" JavaScript partially allowed 
LTA AV{=) osYol ol <=} Sm CL=10) (oXer- 1010) aPar-] ale. (ml a We] Rome) Ky-] 0) (=1e| 
= No Video or Audio 
= Links cannot open Apps 
= WebRTC is blocked 
= Mixed HTTP/HTTPS is blocked 
ay Xo Kir] alo xo) of ©) ofsr-] 0 0} (ofl <=Xo| 

o 3. Bronze (not recommended): 
= JavaScript allowed 
= Audio and Video allowed 
= Links cannot open Apps 
= WebRTC is not blocked 
= Mixed HTTP/HTTPS is not blocked 
ay Xo Kir alo xo) of 0) ofs-] =i 0} [ofl 10] 


300 TorProject.org, Can I run Tor Browser on an iOS device? https://support.torproject.org/tormobile/tormobile-3/ [Archive.org] 
I would recommend the “Silver” level for most cases. The Gold level should only be enabled if you think you are 
accessing suspicious or dangerous websites or if you are extra paranoid. The Gold mode will also most likely break 
many websites that rely actively on JavaScript. 


As JavaScript is enabled in the Silver mode, please see Appendix A5: Additional browser precautions with JavaScript 
enabled. 


Now, you are really done, and you can now surf the web anonymously from your iOS device. 


Important Warning: 

This route is the easiest but is not designed to resist highly skilled adversaries. It is however usable on any device 
regardless of the configuration. This route is also vulnerable to correlation attacks (see Your Anonymized Tor/VPN 
traffic) and is blind to anything that might be on your device (this could be any malware, exploit, virus, remote 
administration software, parental controls...). Yet, if your threat model is quite low, it is probably sufficient for 
most people. 


If you have time and want to learn, I recommend going for other routes instead as they offer far better security and 
mitigate far more risks while lowering your attack surface considerably. 


The Tails route: 
This part of the guide will help you in setting up Tails if one of the following is true: 
e You cannot afford a dedicated laptop 
e Your dedicated laptop is just too old and too slow 
e You have very low IT skills 
e You decide to go with it anyway 


Tails[301] stands for The Amnesic Incognito Live System. It is a bootable Live Operating System running from a USB key 
that is designed for leaving no traces and forcing all connections through the Tor network. 


You insert the Tails USB key into your laptop, boot from it and you have a full operating system running with privacy 
and anonymity in mind. As soon as you shut down the computer, everything will be gone unless you saved it 
somewhere. 


Tails is an amazingly straightforward way to get going in no time with what you have and without much learning. It 
has extensive documentation and tutorials. 


WARNING: Tails is not always up to date with its bundled software, and not always up to date with the Tor 
Browser updates either. You should always make sure you are using the latest version of Tails and you should use 
extreme caution when using bundled apps within Tails that might be vulnerable to exploits and reveal your 
location[302]. 


It does however have some drawbacks: 

e Tails uses Tor and therefore you will be using Tor to access any resource on the internet. This alone will 
make you suspicious to most platforms where you want to create anonymous accounts (this will be 
explained in more detail later). 

e Your ISP (whether it is yours or some public Wi-Fi) will also see that you are using Tor, and this could make 
you suspicious in itself. 

e Tails does not include (natively) some of the software you might want to use later which will complicate 
things quite a bit if you want to run some specific things (Android Emulators for instance). 

e Tails uses Tor Browser which, while it is very secure, will be detected as well by most platforms and will hinder 
you in creating anonymous identities on many platforms. 

e Tails will not protect you more from the $5 wrench. 


e Tor in itself might not be enough to protect you from an adversary with enough resources as explained 
earlier. 

301 Wikipedia, Tails, https://en.wikipedia.org/wiki/Tails_(operating_system) [Wikiless] [Archive.org] 
302 Vice.com, Facebook Helped the FBI Hack a Child Predator https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez [Archive.org] 


Important Note: If your laptop is monitored/supervised and some local restrictions are in place, please read 
Appendix U: How to bypass (some) local restrictions on supervised computers. 


You should also read Tails Documentation, Warnings, and limitations, before going further: 
https://tails.boum.org/doc/about/warnings/index.en.html [Archive.org] 


Taking all this into account and the fact that their documentation is great, I will just redirect you towards their well-
made and well-maintained tutorial: https://tails.boum.org/install/index.en.html [Archive.org], pick your flavor and proceed. 


If you’re having an issue accessing Tor due to censorship or other issues, you can try using Tor Bridges by following 
this Tails tutorial: https://tails.boum.org/doc/anonymous_internet/tor/index.en.html [Archive.org] and find more 
information about these on Tor Documentation https://2019.www.torproject.org/docs/bridges [Archive.org] 


If you think using Tor alone is dangerous/suspicious, see Appendix P: Accessing the internet as safely as possible 
when Tor/VPN is not an option 


Tor Browser settings on Tails: 
When using Tor Browser, you should click the little shield icon (upper right, next to the address bar) and select your 
Security level (see https://tb-manual.torproject.org/security-settings/ [Archive.org] for details). Basically, there are three: 


e Standard (the default) 

o All features are enabled (including JavaScript) 
e Safer: 

o JavaScript is disabled on non-HTTPS websites 

o Some fonts and symbols are disabled 

o Any media playback is “click to play” (disabled by default) 
e Safest: 

o Javascript is disabled everywhere 

o Some fonts and symbols are disabled 

o Any media playback is “click to play” (disabled by default) 


I would recommend the “Safer” level for most cases. The Safest level should only be enabled if you think you are 
accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break 
many websites that rely actively on JavaScript. 


Lastly, while using Tor Browser on Tails on the “Safer” level, please consider Appendix A5: Additional browser 
precautions with JavaScript enabled 


When you are done and have a working Tails on your laptop, go to the Creating your anonymous online identities 
step much further in this guide or if you want persistence and plausible deniability, continue with the next section. 


Persistent Plausible Deniability using Whonix within Tails: 
Consider checking the https://github.com/aforensics/HiddenVM [Archive.org] project for Tails. 


This project is a clever idea of a one-click self-contained VM solution that you could store on an encrypted disk using 
plausible deniability (see The Whonix route: first chapters and also for some explanations about Plausible 
deniability, as well as the How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives: 
section at the end of this guide for more understanding). 


This would allow the creation of a hybrid system mixing Tails with the Virtualization options of the Whonix route in 
this guide. 
[Figure: Whonix Workstation (Randomized Mac Address, Stream Isolation in Effect)] 
Note: See Pick your connectivity method in the Whonix Route for more explanations about Stream Isolation 


In short: 
e You could run non-persistent Tails from one USB key (following their recommendations) 
e You could store persistent VMs within a secondary container that could be encrypted normally or using the 
Veracrypt plausible deniability feature (these could be Whonix VMs for instance or any other). 
e You do benefit from the added Tor Stream Isolation feature (see Tor over VPN for more info about stream 
isolation). 


In that case, as the project outlines it, there should be no traces of any of your activities on your computer and the 
sensitive work could be done from VMs stored into a Hidden container that should not be easily discoverable by a 
soft adversary. 


This option is particularly interesting for “traveling light” and to mitigate forensics attacks while keeping 
persistence on your work. You only need 2 USB keys (one with Tails and one with a Veracrypt container containing 
persistent Whonix). The first USB key will appear to contain just Tails and the second USB will appear to contain just 
random garbage but will have a decoy volume which you can show for plausible deniability. 


You might also wonder if this will result in a “Tor over Tor” setup, but it will not. The Whonix VMs will be accessing 
the network directly through clearnet and not through Tails Onion Routing. 


In the future, this could also be supported by the Whonix project themselves as explained here: 
https://www.whonix.org/wiki/Whonix-Host [Archive.org] but it is not yet recommended as of now for end-users. 


Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of 
torture. As a matter of fact, depending on who your adversary would be (your threat model), it might be wise not to 
use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: 
https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm [Archive.org] 


Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means. 
See https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis [Wikiless] [Archive.org] 


CAUTION: Please see Appendix K: Considerations for using external SSD drives and Understanding HDD vs SSD 
sections if you consider storing such hidden VMs on an external SSD drive: 

e Do not use hidden volumes on SSD drives as this is not supported/recommended by Veracrypt[303]. 

e Use file containers instead of encrypted volumes. 





303 Veracrypt Documentation, Trim Operations https://www.veracrypt.fr/en/Trim%20Operation.html [Archive.org] 

e Make sure you do know how to clean data from an external SSD drive properly. 

Here is my guide on how to achieve this: 


First Run: 
e Download the latest HiddenVM release from https://github.com/aforensics/HiddenVM/releases [Archive.org] 
e Download the latest Whonix XFCE release from https://www.whonix.org/wiki/VirtualBox/XFCE [Archive.org] 
e Prepare a USB Key/Drive with Veracrypt 
o Create a Hidden Volume on the USB Key/Drive (I would recommend at least 16GB for the hidden 
volume) 
o In the Outer Volume, place some decoy files 
o In the Hidden Volume, place the HiddenVM appimage file 
o In the Hidden Volume, place the Whonix XFCE ova file 
e Boot into Tails 
e Setup the Keyboard layout as you want. 
e Select Additional Settings and set an administrator (root) password (needed for installing HiddenVM) 
e Start Tails 
e Connect to a safe wi-fi (this is a required step for the rest to work) 
e Go into Utilities and Unlock your Veracrypt (hidden) Volume (do not forget to check the hidden volume 
checkbox) 
e Launch the HiddenVM appimage 
e When prompted to select a folder, select the Root of the Hidden volume (where the Whonix OVA and 
HiddenVM app image files are). 
e Let it do its thing (This will install Virtualbox within Tails with one click) 
e When it is done, it should automatically start Virtualbox Manager. 
e Import the Whonix OVA files (see Whonix Virtual Machines:) 


Note, if during the import you are having issues such as “NS_ERROR_INVALID_ARG (0x80070057)”, this is probably 
because there is not enough disk space on your Hidden volume for Whonix. Whonix themselves recommend 32GB of 
disk space but that was probably not necessary and 16GB should be enough for a start. You can try fixing this 
error by renaming the Whonix *.OVA file to *.TAR and decompressing it within Tails. When you are done with 
decompression, delete the OVA file and import the other files with the Import wizard. This time it might work. 


Subsequent Runs: 
e Boot into Tails 
e Connect to Wi-Fi 
e Unlock your Hidden Volume 
e Launch the HiddenVM App 
e This should automatically open VirtualBox manager and show your earlier VMs from the first run 


Steps for all other routes: 


Get a dedicated laptop for your sensitive activities: 

Ideally, you should get a dedicated laptop that will not be tied to you in any effortless way (ideally paid with cash 
anonymously and using the same precautions as previously mentioned for a phone and SIM card). It is 
recommended but not mandatory because this guide will help you harden your laptop as much as possible to 
prevent data leaks through various means. There will be several lines of defense standing between your online 
identities and yourself that should prevent most adversaries from de-anonymizing you besides state/global actors 
with considerable resources. 


This laptop should ideally be a clean freshly installed laptop (running Windows, Linux, or macOS), clean of your 
normal day-to-day activities and offline (never connected to the network yet). In the case of a Windows laptop, and 
if you used it before such a clean install, it should also not be activated (re-installed without a product key). 
Specifically, in the case of MacBooks, it should never have been tied to your identity before in any means. So, buy 
second-hand with cash from an unknown stranger who does not know your identity. 
This is to mitigate some future issues in case of online leaks (including telemetry from your OS or Apps) that could 
compromise any unique identifiers of the laptop while using it (MAC Address, Bluetooth Address, and Product key 
...). But also, to avoid being tracked back if you need to dispose of the laptop. 


If you used this laptop before for different purposes (like your day-to-day activities), all its hardware identifiers are 
probably known and registered by Microsoft or Apple. If later any of those identifiers is compromised (by malware, 
telemetry, exploits, human errors ...) they could lead back to you. 


The laptop should have at least 250GB of disk space, at least 6GB (ideally 8GB or 16GB) of RAM, and should be able 
to run a couple of Virtual Machines at the same time. It should have a working battery that lasts a few hours. 


This laptop could have a HDD (7200rpm) or a SSD/NVMe drive and both possibilities have their benefits and issues 
that will be detailed later. 


All future online steps performed with this laptop should ideally be done from a safe network such as Public Wi-Fi in 
a safe place (see Find some safe places with decent public Wi-Fi). But several steps will have to be taken offline first. 


Some laptop recommendations: 
I would strongly recommend getting a “business grade” laptop (meaning not a consumer/gaming-grade laptop) if you 
can. For instance, some ThinkPad from Lenovo (my personal favorite). 


This is because those business laptops usually offer better and more customizable security features (especially in the 
BIOS/UEFI settings) with longer support than most consumer laptops (Asus, MSI, Gigabyte, Acer...). The interesting 
features to look for are IMHO: 

e Better custom Secure Boot settings (where you can selectively manage all the keys and not just use the 
Standard ones) 

e HDD/SSD passwords in addition to just BIOS/UEFI passwords. 

e AMD laptops could be more interesting as some provide the ability to disable AMD PSP (the AMD equivalent 
of Intel IME) from the BIOS/UEFI settings by default. And, because AFAIK, AMD PSP was audited and contrary 
to IME was not found to have any “evil” functionalities[304]. However, if you are going for the Qubes OS Route 
consider Intel CPUs as Qubes OS does not support AMD with their anti-evil-maid system[305]. 

e Secure Wipe tools from the BIOS (especially useful for SSD/NVMe drives, see Appendix M: BIOS/UEFI options 
to wipe disks in various Brands). 

e Better control over the disabling/enabling of select peripherals (USB ports, Wi-Fis, Bluetooth, Camera, 
Microphone ...). 

e Better security features with Virtualization. 

e Native anti-tampering protections. 

e Longer support with BIOS/UEFI updates (and subsequent BIOS/UEFI security updates). 

e Some are supported by Libreboot. 


Bios/UEFI/Firmware Settings of your laptop: 

PC 

These settings can be accessed through the boot menu of your laptop. Here is a good tutorial from HP explaining all 
the ways to access the BIOS on various computers: 
https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs [Archive.org] 


Usually how to access it is by pressing a specific key (F1, F2, or Del) at boot (before your OS). 


Once you are in there, you will need to apply a few recommended settings: 
e Disable Bluetooth completely if you can. 
e Disable Biometrics (fingerprint scanners) if you have any if you can. However, you could add a biometric 
additional check for booting only (pre-boot) but not for accessing the BIOS/UEFI settings. 


304 YouTube, 36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU 
https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s [Invidious] 
305 Qubes OS, Anti-Evil Maid, https://github.com/QubesOS/qubes-antievilmaid [Archive.org] 
e Disable the Webcam and Microphone if you can. 
e Enable BIOS/UEFI password and use a long passphrase instead of a password (if you can) and make sure this 
password is required for: 
o Accessing the BIOS/UEFI settings themselves 
o Changing the Boot order 
o Startup/Power-on of the device 
e Enable HDD/SSD password if the feature is available. This feature will add another password on the HDD/SSD 
itself (not in the BIOS/UEFI firmware) that will prevent this HDD/SSD from being used in a different computer 
without the password. Note that this feature is also specific to some manufacturers and could require 
specific software to unlock this disk from a completely different computer. 
e Prevent accessing the boot options (the boot order) without providing the BIOS/UEFI password if you can. 
e Disable USB/HDMI or any other port (Ethernet, Firewire, SD card ...) if you can. 
e Disable Intel ME if you can (odds are very high you can’t). 
e Disable AMD PSP if you can (AMD’s equivalent to IME, see Your CPU) 
e Disable Secure Boot if you want to use Qubes OS as they do not support it out of the box[306]. Keep it on if 
you intend to use Linux/Windows. 
e Check if your laptop's BIOS has a secure erase option for your HDD/SSD that could be convenient in case of 
need. 


Only enable those on a “need to use” basis and disable them again after use. This can help mitigate some attacks in 
case your laptop is seized while locked but still on OR if you had to shut it down rather quickly and someone took 
possession of it (this topic will be explained later in this guide). 


About Secure boot: 

So, what is Secure Boot[307]? In short, it is a UEFI security feature designed to prevent your computer from booting an 
operating system from which the bootloader was not signed by specific keys stored in the UEFI firmware of your 
laptop. 


When the operating system (or the Bootloader[308]) supports it, you can store the keys of your bootloader in your UEFI 
firmware and this will prevent booting up any unauthorized Operating System (such as a live OS USB or anything 
similar). 


Secure Boot settings are protected by the password you set up to access the BIOS/UEFI settings. If you have that 
password, you can disable Secure Boot and allow unsigned OSes to boot on your system. This can help mitigate 
some Evil-Maid attacks (explained later in this guide). 


In most cases, Secure Boot is disabled by default or is enabled but in “setup” mode which will allow any system to 
boot. For Secure Boot to work, your Operating System will have to support it and then sign its bootloader and push 
those signing keys to your UEFI firmware. After that, you will have to go to your BIOS/UEFI settings and save those 
pushed keys from your OS and change the Secure Boot from setup to user mode (or custom mode in some cases). 


After doing that step, only the Operating Systems from which your UEFI firmware can verify the integrity of the 
bootloader will be able to boot. 


Most laptops will have some default keys already stored in the secure boot settings. Usually, those are from the 
manufacturer itself or some companies such as Microsoft. So, this means that by default, it will always be possible to 
boot some USB disks even with secure boot. These include Windows, Fedora, Ubuntu, Mint, Debian, CentOS, 
OpenSUSE, Tails, Clonezilla, and many others. Secure Boot is however not supported at all by Qubes OS at this point. 


In some laptops, you can manage those keys and remove the ones you do not want with a “custom mode” to only 
authorize your bootloader that you could sign yourself if you want to. 
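To tell which of the states described above a Linux host is actually in (enforcing, still in setup mode, or off) and what is enrolled in the db allow-list, here is an added Python example that is not part of this guide. It assumes efivarfs is mounted at /sys/firmware/efi/efivars; the Microsoft owner GUID label is an assumption used only for display, and the parser also runs on constructed sample data.

```python
"""Audit UEFI Secure Boot on a Linux host: enforcing / setup-mode / disabled, and
which signature types and owners are enrolled in the 'db' allow-list.
Added example (not the guide's own code). Assumes efivarfs is mounted at
/sys/firmware/efi/efivars and the standard UEFI vendor GUIDs."""
import struct
import uuid
from collections import Counter
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"          # SecureBoot, SetupMode
EFI_IMAGE_SECURITY_DATABASE = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx
EFI_CERT_X509_GUID = "a5c059a1-94e4-4aa7-87b5-ab155c2bf072"
EFI_CERT_SHA256_GUID = "c1c41626-504c-4092-aca9-41f936934328"
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "X509", EFI_CERT_SHA256_GUID: "SHA256"}
# Owner GUID Microsoft uses for the db/KEK entries it ships (assumption: used for labelling only)
KNOWN_OWNERS = {"77fa9abd-0359-4d32-bd60-28f4e78f784b": "Microsoft Corporation"}
# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
SIG_LIST_HDR = struct.Struct("<16sIII")


def strip_attributes(raw: bytes) -> bytes:
    """efivarfs prefixes every variable's data with a 4-byte attribute word."""
    if len(raw) < 4:
        raise ValueError("efivar payload too short")
    return raw[4:]


def boot_state(secureboot_var: bytes, setupmode_var: bytes) -> str:
    """Classify enforcement from the raw SecureBoot and SetupMode variables.
    SetupMode=1 means no Platform Key is enrolled, i.e. the 'enabled but in setup
    mode' case from the text where any bootloader is accepted."""
    enabled = strip_attributes(secureboot_var)[0] == 1
    setup = strip_attributes(setupmode_var)[0] == 1
    if setup:
        return "setup-mode"
    return "enforcing" if enabled else "disabled"


def build_signature_list(sig_type: str, owner: str, payloads) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST (all payloads must share one size).
    Used here to construct sample data; real firmware ships these inside 'db'."""
    sizes = {len(p) for p in payloads}
    if len(sizes) != 1:
        raise ValueError("EFI_SIGNATURE_LIST requires fixed-size signatures")
    sig_size = 16 + sizes.pop()            # SignatureOwner GUID + SignatureData
    body = b"".join(uuid.UUID(owner).bytes_le + p for p in payloads)
    hdr = SIG_LIST_HDR.pack(uuid.UUID(sig_type).bytes_le,
                            SIG_LIST_HDR.size + len(body), 0, sig_size)
    return hdr + body


def parse_signature_lists(data: bytes):
    """Walk a chain of EFI_SIGNATURE_LISTs, yielding (type_name, owner, payload)."""
    off = 0
    while off < len(data):
        if len(data) - off < SIG_LIST_HDR.size:
            raise ValueError(f"truncated signature list header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = SIG_LIST_HDR.unpack_from(data, off)
        if list_size < SIG_LIST_HDR.size + hdr_size or off + list_size > len(data):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size < 16:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        sig_type = str(uuid.UUID(bytes_le=type_raw))
        pos, end = off + SIG_LIST_HDR.size + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = str(uuid.UUID(bytes_le=data[pos:pos + 16]))
            yield SIG_TYPE_NAMES.get(sig_type, sig_type), owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def summarize_db(db_var: bytes) -> dict:
    """Count enrolled entries by signature type and by owner for a raw 'db' variable.
    Many SHA256 entries or unknown owners are worth a second look on a new laptop."""
    by_type, by_owner = Counter(), Counter()
    for type_name, owner, _payload in parse_signature_lists(strip_attributes(db_var)):
        by_type[type_name] += 1
        by_owner[KNOWN_OWNERS.get(owner, owner)] += 1
    return {"by_type": dict(by_type), "by_owner": dict(by_owner)}


def audit(efivars: Path = EFIVARS) -> dict:
    """Read the live variables and return the report (raises if efivarfs is absent)."""
    sb = (efivars / f"SecureBoot-{EFI_GLOBAL_VARIABLE}").read_bytes()
    sm = (efivars / f"SetupMode-{EFI_GLOBAL_VARIABLE}").read_bytes()
    db = (efivars / f"db-{EFI_IMAGE_SECURITY_DATABASE}").read_bytes()
    return {"state": boot_state(sb, sm), **summarize_db(db)}


if __name__ == "__main__":
    print(audit())
```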


306 QubesOS FAQ, https://www.qubes-os.org/faq/#is-secure-boot-supported [Archive.org] 
307 Wikipedia, Secure Boot, https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot [Wikiless] [Archive.org] 
308 Wikipedia, Booting https://en.wikipedia.org/wiki/Booting [Wikiless] [Archive.org] 

So, what is Secure Boot protecting you from? It will protect your laptop from booting unsigned bootloaders (by the 
OS provider) with for instance injected malware. 


What is Secure Boot not protecting you from? 

e Secure Boot is not encrypting your disk and an adversary can still just remove the disk from your laptop and 
extract data from it using a different machine. Secure Boot is therefore useless without full disk encryption. 

e Secure Boot is not protecting you from a signed bootloader that would be compromised and signed by the 
manufacturer itself (Microsoft for example in the case of Windows). Most mainstream Linux distributions are 
signed these days and will boot with Secure Boot enabled. 

e Secure Boot can have flaws and exploits like any other system. If you are running an old laptop that does not 
benefit from new BIOS/UEFI updates, these can be left unfixed. 


Additionally, there are several attacks that could be possible against Secure Boot as explained (in-depth) in these technical videos: 
e Defcon 22, https://www.youtube.com/watch?v=QDSIWa9xQuA [Invidious] 
e BlackHat 2016, https://www.youtube.com/watch?v=0fZdL3ufVOlI [Invidious] 


So, it can be useful as an added measure against some adversaries but not all. Secure Boot in itself is not 
encrypting your hard drive. It is an added layer but that is it. 


I still recommend you keep it on if you can. 


Mac: 
Take a moment to set a firmware password according to the tutorial here: 
https://support.apple.com/en-au/HT204455 [Archive.org] 


You should also enable firmware password reset protection (available from Catalina) according to the 
documentation here: https://support.apple.com/en-gb/guide/security/sec28382c9ca/web [Archive.org] 


This feature will mitigate the possibility for some adversaries to use hardware hacks to disable/bypass your firmware 
password. Note that this will also prevent Apple themselves from accessing the firmware in case of repair. 


Physically Tamper protect your laptop: 

At some point, you will inevitably leave this laptop alone somewhere. You will not sleep with it and take it 
everywhere every single day. You should make it as hard as possible for anyone to tamper with it without you 
noticing it. This is mostly useful against some limited adversaries that will not use a $5 wrench against you. 


It is important to know that it is trivially easy for some specialists to install a key logger in your laptop, or to just 
make a clone copy of your hard drive that could later allow them to detect the presence of encrypted data in it using 
forensic techniques (more on that later). 


Here is a good cheap method to make your laptop tamper-proof using Nail Polish (with glitter): 
https://mullvad.net/en/help/how-tamper-protect-laptop/ [Archive.org][309] (with pictures). 


While this is a good cheap method, it could also raise suspicions as it is quite “noticeable” and might just reveal that 
you “have something to hide”. So, there are more subtle ways of achieving the same result. You could also for 
instance make a close-up macro photography of the back screws of your laptop or just use a small amount of candle 
wax within one of the screws that could just look like usual dirt. You could then check for tampering by comparing 
the photographs of the screws with new ones. Their orientation might have changed a bit if your adversary was not 
careful enough (tightening them exactly the same way they were before). Or the wax within the bottom of a screw 
head might have been damaged compared to before. 


309 Wired https://www.wired.com/2013/12/better-data-security-nail-polish/ [Archive.org] 







The same techniques can be used with USB ports where you could just put a tiny amount of candle wax within the 
plug that would be damaged by inserting a USB key in it. 


In riskier environments, check your laptop for tampering before using it regularly. 


The Whonix route: 


Picking your Host OS (the OS installed on your laptop): 
This route will make extensive use of Virtual Machines[310]; they will require a host OS to run the Virtualization 
software. You have three recommended choices in this part of the guide: 
e Your Linux distribution of choice (excluding Qubes OS) 
e Windows 10 (preferably Home edition due to the absence of Bitlocker) 
o Windows 11 is not yet supported by this guide 
e macOS (Catalina or higher up to Monterey) 


In addition, chances are high that your Mac is or has been tied to an Apple account (at the time of purchase or after 
signing-in) and therefore its unique hardware identifiers could lead back to you in case of a hardware identifiers leak. 


Linux is also not necessarily the best choice for anonymity depending on your threat model. This is because using 
Windows will allow us to conveniently use Plausible Deniability[311] (aka Deniable Encryption[312]) easily at the OS level. 
Windows is also unfortunately at the same time a privacy nightmare[313] but is the only easy to set up option for using 
OS-wide plausible deniability. Windows telemetry and telemetry blocking are also widely documented which should 
mitigate many issues. 


So, what is Plausible Deniability? You can cooperate with an adversary requesting access to your device/data 
without revealing your true secret. All this using Deniable Encryption[314]. 


A soft lawful adversary could ask for your encrypted laptop password. At first, you could refuse to give out any 
password (using your “right to remain silent”, “right not to incriminate yourself”) but some countries are 
implementing laws[315][316] to exempt this from such rights (because terrorists and “think of the children”). In that case, 
you might have to reveal the password or face jail time in contempt of court. This is where plausible deniability will 
come into play. 


You could then reveal a password, but that password will only give access to “plausible data” (a decoy OS). The 
forensics will be well aware that it is possible for you to have hidden data but should not be able to prove this (if you 
do this right). You will have cooperated, and the investigators will have access to something but not what you 
actually want to hide. Since the burden of proof should lie on their side, they will have no options but to believe you 
unless they have proof that you have hidden data. 

310 Wikipedia, Virtual Machine https://en.wikipedia.org/wiki/Virtual_machine [Wikiless] [Archive.org] 
311 Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability [Wikiless] [Archive.org] 
312 Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption [Wikiless] [Archive.org] 
313 PrivacyGuides.org, Don't use Windows 10 - It's a privacy nightmare https://privacyguides.org/operating-systems/#win10 [Archive.org] 
314 Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption [Wikiless] [Archive.org] 
315 Wikipedia, Key Disclosure Laws https://en.wikipedia.org/wiki/Key_disclosure_law [Wikiless] [Archive.org] 
316 GP Digital, World map of encryption laws and policies https://www.gp-digital.org/world-map-of-encryption/ [Archive.org] 


This feature can be used at the OS level (a plausible OS and a hidden OS) or at the files level where you will have an 
encrypted file container (similar to a zip file) where different files will be shown depending on the encryption 
password you use. 


This is also why you could set up your own plausible deniability setup in any Host OS by storing for 
instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS though that 
would need to be cleaned if the host OS is persistent, see the Some additional measures against forensics section later). 
There is a project for achieving this within Tails (https://github.com/aforensics/HiddenVM [Archive.org]) which would 
make your Host OS non-persistent and use plausible deniability within Tails. 


In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10 Home (and not 
Pro). This is because Windows 10 Pro natively offers a full-disk encryption system (Bitlocker) whereas Windows 10 
Home offers no full-disk encryption at all. We will later use third-party open-source software for encryption that will 
allow full-disk encryption on Windows 10 Home. This will give you a good (plausible) excuse to use this software, 
while using this software on Windows 10 Pro would be suspicious. 


Note about Linux: So, what about Linux and plausible deniability? Yes, it is possible to achieve plausible deniability 
with Linux too. More information within the Linux Host OS section later. 


Unfortunately, encryption is not magic and there are some risks involved: 


Threats with encryption: 

The 5S Wrench: 

Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of 
torture. As a matter of fact, depending on who your adversary would be (your threat model), it might be wise not to 
use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: 
https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm [Archive.org] 


Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means. Avoid, if 
possible, the use of plausible deniability-capable software (such as Veracrypt) if your threat model includes hard 
adversaries. So, Windows users should in that case install Windows Pro as a Host OS and use Bitlocker instead. 


See https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis [Wikiless] [Archive.org]


Evil-Maid Attack:

Evil Maid Attacks [318] are conducted when someone tampers with your laptop while you are away, typically to clone
your hard drive, install malware, or install a key logger. If they can clone your hard drive, they can compare the image
taken while you were away with the hard drive as it is when they later seize it from you. If you used the laptop in
between, forensic examiners might be able to prove the existence of the hidden data by looking at the variations
between the two images in what should be empty/unused space. This could lead to compelling evidence of the
existence of hidden data. If they install a key logger or malware on your laptop (software or hardware), they will be
able to simply get the password from you for later use when they seize it. Such attacks can be done at your home,
your hotel, a border crossing, or anywhere you leave your devices unattended.


You can mitigate this attack by doing the following (as recommended earlier):

• Have basic tamper protection (as explained previously) to prevent physical access to the internals of the
laptop without your knowledge. This will prevent them from cloning your disks and installing a physical key
logger without your knowledge.

• Disable all the USB ports (as explained previously) within a password-protected BIOS/UEFI. Again, they will
not be able to turn them on (without physically accessing the motherboard to reset the BIOS) to boot a USB
device that could clone your hard drive or install software-based malware that could act as a key logger.


317 Wikipedia, Bitlocker https://en.wikipedia.org/wiki/BitLocker [Wikiless] [Archive.org]
318 Wikipedia, Evil Maid Attack https://en.wikipedia.org/wiki/Evil_maid_attack [Wikiless] [Archive.org]
• Set up BIOS/UEFI/Firmware passwords to prevent any unauthorized boot of an unauthorized device.
• Some OSes and encryption software have anti-Evil-Maid protection that can be enabled. This is the case with
Windows/Veracrypt and Qubes OS.


Cold-Boot Attack: 
Cold Boot attacks [319] are trickier than the Evil Maid Attack but can be part of an Evil Maid attack, as it requires an
adversary to come into possession of your laptop while you are actively using your device or shortly afterward.


The idea is rather simple: as shown in this video [320], an adversary could theoretically quickly boot your device from a
special USB key that would copy the content of the RAM (the memory) of the device right after you shut it down. If the
USB ports are disabled or if they feel like they need more time, they could open it and “cool down” the memory
using a spray or other chemicals (liquid nitrogen for instance), preventing the memory from decaying. They could
then copy its content for analysis. This memory dump could contain the key to decrypt your device. We
will later apply a few principles to mitigate these.


In the case of Plausible Deniability, there have been some forensics studies [321] about technically proving the presence
of the hidden data with a simple forensic examination (without a Cold Boot/Evil Maid Attack), but these have been
contested by other studies [322] and by the maintainer of Veracrypt [323], so I would not worry too much about those yet.


The same measures used to mitigate Evil Maid attacks should be in place for Cold Boot attacks with some added 
ones: 

• If your OS or encryption software allows it, you should consider encrypting the keys within RAM too (this is
possible with Windows/Veracrypt and will be explained later). Again see
https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/ [Archive.org]

• Do enable the option to wipe keys from memory if a device is inserted in Veracrypt.

• You should limit the use of sleep/stand-by and instead use Shutdown or Hibernate, to prevent the encryption
keys from staying in RAM when your computer goes to sleep. This is because sleep will maintain power in
your memory for resuming your activity faster. Only hibernation and shutdown will actually clear the key
from the memory [324].


See also https://www.whonix.org/wiki/Cold_Boot_Attack_Defense [Archive.org] and
https://www.whonix.org/wiki/Protection_Against_Physical_Attacks [Archive.org]


Here are also some interesting tools to consider for Linux users to defend against these: 


• https://github.com/0xPoly/Centry [Archive.org] (unfortunately unmaintained it seems, so I made a fork and pull
request updating it for Veracrypt: https://github.com/AnonymousPlanet/Centry [Archive.org], which should still
work)

• https://github.com/hephaest0s/usbkill [Archive.org] (unfortunately unmaintained as well, it seems)

• https://github.com/Lvl4Sword/Killer [Archive.org]

• https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks [Archive.org]


• (Qubes OS, Intel CPU only) https://github.com/QubesOS/qubes-antievilmaid [Archive.org]


319 Wikipedia, Cold Boot Attack https://en.wikipedia.org/wiki/Cold_boot_attack [Wikiless] [Archive.org]

320 CITP 2008 (https://www.youtube.com/watch?v=JDaicPign9U) [Invidious]

321 ResearchGate, Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems
https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems [Archive.org]

322 SANS.org, Mission Implausible: Defeating Plausible Deniability with Digital Forensics https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500 [Archive.org]

323 SourceForge, Veracrypt Forum https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33fat/ [Archive.org]

324 Microsoft, BitLocker Countermeasures https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures [Archive.org]
About Sleep, Hibernation, and Shutdown:

If you want better security, you should shut down your laptop completely every time you leave it unattended or
close the lid. This should clean and/or release the RAM and provide mitigations against cold boot attacks. However,
this can be a bit inconvenient as you will have to reboot completely, type in a ton of passwords into various apps, and
restart various VMs and other apps. So instead, you could also use hibernation (not supported on Qubes OS). Since
the whole disk is encrypted, hibernation in itself should not pose a large security risk (provided the hibernation file
or swap lives inside the encrypted volume, which is the case with whole-disk encryption) but will still shut down your
laptop and clear the memory while allowing you to conveniently resume your work afterward. What you should
never do is use the standard sleep feature, which will keep your computer on and the memory powered. This is
an attack vector for the evil-maid and cold-boot attacks discussed earlier, because your powered-on memory holds
the encryption keys to your disk (and whatever you were working on) and could then be accessed by a skilled
adversary.


This guide will provide guidance later on how to enable hibernation on various host OSes (except Qubes OS) if you 
do not want to shut down every time. 


Local Data Leaks and Forensics:

As mentioned briefly earlier, these are data leaks and traces from your operating system and apps when you
perform any activity on your computer. These mostly apply to encrypted file containers (with or without plausible
deniability) rather than to OS-wide encryption. Such leaks are less “important” if your whole OS is encrypted (if you are
not compelled to reveal the password).


Let us say for example you have a Veracrypt encrypted USB key with plausible deniability enabled. Depending on the 
password you use when mounting the USB key, it will open a decoy folder or the sensitive folder. Within those 
folders, you will have decoy documents/data within the decoy folder and sensitive documents/data within the 
sensitive folder. 


In all cases, you will (most likely) open these folders with Windows Explorer, macOS Finder, or any other utility and 
do whatever you planned to do. Maybe you will edit a document within the sensitive folder. Maybe you will search 
for a document within the folder. Maybe you will delete one or watch a sensitive video using VLC. 


Well, all those apps and your operating system might keep logs and traces of that usage. This might include the full
path of the folder/files/drives, the time those were accessed, temporary caches of those files, the “recent” lists in
each app, the file indexing system that could index the drive, and even thumbnails that could be generated.


Here are some examples of such leaks: 


Windows:
• Windows ShellBags that are stored within the Windows Registry, silently storing various histories of accessed
volumes/files/folders [325].
• Windows Indexing keeping traces of the files present in your user folder by default [326].
• Recent lists (aka Jump Lists) in Windows and various apps keeping traces of recently accessed documents [327].
• Many more traces in various logs; please see this convenient and interesting poster for more insight:
https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download [Archive.org]


macOS:
• Gatekeeper [328] and XProtect keeping track of your download history in a local database and file attributes.
• Spotlight Indexing


325 SANS, Windows ShellBag Forensics in-depth https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545 [Archive.org]

326 University of York, Forensic data recovery from the Windows Search Database
https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf [Archive.org]

327 A forensic insight into Windows 10 Jump Lists https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf [Archive.org]

328 Wikipedia, Gatekeeper https://en.wikipedia.org/wiki/Gatekeeper_(macOS) [Wikiless] [Archive.org]
• Recent lists in various apps keeping traces of recently accessed documents.
• Temporary folders keeping various traces of app usage and document usage.
• macOS Logs

Linux:
• Tracker Indexing
• Bash History
• USB logs
• Recent lists in various apps keeping traces of recently accessed documents.
• Linux Logs


Forensics could [321][322] use all those leaks (see Local Data Leaks and Forensics) to prove the existence of hidden data,
defeat your attempts at using plausible deniability, and find out about your various sensitive activities.
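To make the “Recent lists” item above concrete, here is an added example (not part of the guide and not the guide author's code) that reads the GTK recent-files list found on most Linux desktops, ~/.local/share/recently-used.xbel, and prints every local path it has recorded. The sample file is constructed for the demo; on a real system, point recent_paths at your own file. It assumes a Linux desktop that keeps that GTK list and uses only bash, grep and sed.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: read the GTK recent-files list
# (~/.local/share/recently-used.xbel on most Linux desktops) and show
# which local paths it has recorded. The sample input below is constructed.
set -u

# Print the local paths recorded in an xbel file ($1), one per line,
# decoding %XX escapes (e.g. %20 -> space).
recent_paths() {
    grep -o 'href="file://[^"]*"' "$1" \
      | sed -e 's|^href="file://||' -e 's|"$||' \
      | while IFS= read -r enc; do
            # turn %XX into \xXX and let printf %b expand it
            printf '%b\n' "$(printf '%s' "$enc" | sed 's/%/\\x/g')"
        done
}

# Count recorded paths below a mount point ($2), e.g. a Veracrypt volume.
recent_under() {
    recent_paths "$1" | grep -c "^$2/" || true
}

# Constructed sample: a desktop session that opened two files on a
# mounted Veracrypt volume and one ordinary document.
make_sample_xbel() {
cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0">
  <bookmark href="file:///media/veracrypt1/notes/plan%202022.odt" added="2022-01-03T10:11:12Z" modified="2022-01-03T10:11:12Z" visited="2022-01-03T10:11:12Z">
    <info><metadata owner="http://freedesktop.org"><mime:mime-type type="application/vnd.oasis.opendocument.text"/></metadata></info>
  </bookmark>
  <bookmark href="file:///media/veracrypt1/video/clip.mp4" added="2022-01-03T10:15:00Z" modified="2022-01-03T10:15:00Z" visited="2022-01-03T10:15:00Z">
    <info><metadata owner="http://freedesktop.org"><mime:mime-type type="video/mp4"/></metadata></info>
  </bookmark>
  <bookmark href="file:///home/user/Documents/decoy.txt" added="2022-01-03T10:20:00Z" modified="2022-01-03T10:20:00Z" visited="2022-01-03T10:20:00Z">
    <info><metadata owner="http://freedesktop.org"><mime:mime-type type="text/plain"/></metadata></info>
  </bookmark>
</xbel>
EOF
}

# Demo on the constructed file; on a live system run:
#   recent_paths ~/.local/share/recently-used.xbel
demo() {
    local f; f=$(mktemp)
    make_sample_xbel "$f"
    echo "Paths recorded in the recent list:"
    recent_paths "$f"
    echo "Entries under /media/veracrypt1: $(recent_under "$f" /media/veracrypt1)"
    rm -f "$f"
}
demo
```

Every entry, including the two on the mounted Veracrypt volume, is stored together with added/modified/visited timestamps, so this one file alone can place a specific document on a specific mount at a specific time, exactly the kind of trace the paragraph above warns about. On GNOME the list can be switched off with gsettings set org.gnome.desktop.privacy remember-recent-files false; other desktops have their own setting, and the existing file still has to be deleted.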


It will therefore be important to apply various steps to prevent forensics from doing this, by preventing and cleaning
these leaks and traces and, more importantly, by using full-disk encryption, virtualization, and compartmentalization.


Forensics can only extract local data leaks from data they can access. And you will be able to clean most of these
traces by wiping the drive or by securely erasing your virtual machines (which is not as easy as you think on SSD
drives).


Some cleaning techniques will nevertheless be covered in the “Cover your Tracks” part of this guide at the very end. 


Online Data Leaks:
Whether you are using simple encryption or plausible deniability encryption, even if you covered your tracks on the
computer itself, there is still a risk of online data leaks that could reveal the presence of hidden data.


Telemetry is your enemy. As explained earlier in this guide, the telemetry of Operating Systems but also from Apps 
can send staggering amounts of private information online. 


In the case of Windows, this data could for instance be used to prove the existence of a hidden OS / Volume ona 
computer and would be readily available at Microsoft. Therefore, it is critically important that you disable and block 
telemetry with all the means at your disposal. No matter what OS you are using. 


Conclusion: 

You should never conduct sensitive activities from a non-encrypted system. And even if it is encrypted, you should
never conduct sensitive activities from the Host OS itself. Instead, you should use a VM to be able to efficiently
isolate and compartmentalize your activities and prevent local data leaks.


If you have little to no knowledge of Linux or if you want to use OS-wide plausible deniability, I would recommend going
for Windows (or back to the Tails route) for convenience. This guide will help you harden it as much as possible to
prevent leaks. This guide will also help you harden macOS and Linux as much as possible to prevent similar leaks.


If you have no interest in OS-wide plausible deniability and want to learn to use Linux, | will strongly recommend 
going for Linux or the Qubes OS route if your hardware allows it. 


In all cases, the host OS should never be used to conduct sensitive activities directly. The host OS will only be used
to connect to a public Wi-Fi Access Point. It will be left unused while you conduct sensitive activities and should
ideally not be used for any of your day-to-day activities.


Consider also reading https://www.whonix.org/wiki/Full_Disk_Encryption#Encrypting_Whonix_VMs [Archive.org]


Linux Host OS: 
As mentioned earlier, | do not recommend using your daily laptop for sensitive activities. Or at least | do not 
recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to 
de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to
wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. 


| also recommend that you do the initial installation completely offline to avoid any data leak. 


You should always remember that despite the reputation, Linux mainstream distributions (Ubuntu for instance) are
not necessarily better at security than other systems such as macOS and Windows. See this reference to understand
why: https://madaidans-insecurities.github.io/linux.html [Archive.org]


Full disk encryption:
There are two routes here with Ubuntu or Debian based distros:
• Using LUKS:
  o Without plausible deniability:
    ▪ (Recommended and easy) Encrypt as part of the installation process:
    https://ubuntu.com/tutorials/install-ubuntu-desktop [Archive.org]
      • This process requires the full erasure of your entire drive (clean install).
      • Just check the “Encrypt the new Ubuntu installation for security” box.
    ▪ (Tedious but possible) Encrypt after installation:
    https://help.ubuntu.com/community/ManualFullSystemEncryption [Archive.org]
  o With plausible deniability: See the next section The Detached Headers Way
• Using Veracrypt:
  o With or without plausible deniability: See the next section The Veracrypt Way


For other distros, you will have to document yourself, but it will likely be similar. Encryption during install is just 
much easier in the context of this guide. 


Note about plausible deniability on Linux:
There are several ways to achieve plausible deniability on Linux [329]. Here are some more details about the ways
I would recommend. All these options require a higher level of skill at using Linux.


The Detached Headers Way: 

While not supported yet by this guide, it is possible to achieve a form of deniability on Linux using LUKS by using
detached LUKS headers: the header (the part that identifies the volume as LUKS and holds the key slots) is kept off
the device, for instance on a separate USB key, so that the encrypted area on the disk is indistinguishable from
random data. This only holds as long as the header stays off the device and the disk was filled with random data
beforehand. For now, I will redirect you toward this page for more information:
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header [Archive.org]


The Veracrypt Way: 

It is technically possible to not only use Veracrypt but also to achieve plausible deniability on a Linux Host OS by 
using Veracrypt for system full-disk encryption (instead of LUKS). This is not supported by Veracrypt (System 
encryption is only supported on Windows) and requires some tinkering with various commands. This is not 
recommended at all for unskilled users and should only be used at your own risk. 


The steps to achieve this are not yet integrated into this guide but can be found here: 
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/5779e55aae7fc06e4758 (this is a
.onion address and requires Tor Browser). 


Reject/Disable any telemetry:
• During the install, just make sure you do not allow any data collection if prompted.
• If you are not sure, just make sure you did not enable any telemetry and follow this tutorial if needed:
https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/ [Archive.org]
• Any other distro: you will need to document yourself and find out how to disable telemetry if there
is any.


329 Alpine Linux Wiki, Setting up a laptop https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop [Archive.org]
Disable anything unnecessary:
• Disable Bluetooth if enabled by following this guide https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/ [Archive.org] or issuing the following command:
  o sudo systemctl disable bluetooth.service --force
• Disable Indexing if enabled by default (Ubuntu >19.04) by following this guide
https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html [Archive.org] or issuing the
following commands. Run them as your normal user, not with sudo: the --user flag and the Tracker database
are per-user, so with sudo they would act on root's (non-existent) session instead of yours:
  o systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service
  tracker-extract.service tracker-miner-apps.service tracker-writeback.service
    ▪ You can safely ignore any error if it says some service does not exist
  o tracker reset --hard


Hibernation: 

As explained previously, you should not use the sleep features but shut down or hibernate your laptop to mitigate
some evil-maid and cold-boot attacks. Unfortunately, this feature is disabled by default on many Linux distros
including Ubuntu. It is possible to enable it, but it might not work as expected. Follow this information at your own
risk. If you do not want to do this, you should never use the sleep function and power off instead (and set the
lid closing behavior to power off instead of sleep).


Follow one of these tutorials to enable Hibernate: 
• https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/ [Archive.org]
• http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/ [Archive.org]
• https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/ [Archive.org]


After Hibernate is enabled, change the behavior so that your laptop will hibernate when you close the lid by
following this tutorial for Ubuntu 20.04 http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/ [Archive.org]
and this tutorial for Ubuntu 18.04 https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/ [Archive.org].
There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for 20.04 should probably work too.


Keep in mind that hibernation writes the whole content of RAM, including the disk encryption keys, to the swap file or
partition. If that swap is not itself encrypted (it is if it lives inside the LUKS container, as with the installer's encrypted
install), the keys end up on disk in clear and the encryption is defeated. To be safe, at the cost of some performance,
you might consider encrypting the swap file by following this tutorial:
https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap [Archive.org]


These settings should mitigate cold boot attacks if you can hibernate fast enough: unlike sleep, hibernation powers
the RAM off, so the keys do not linger there.
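The tutorials linked above each end up setting up the same three things: a swap area large enough to hold the RAM image, a resume= target on the kernel command line, and a lid-close action of hibernate. The following added example (not from the guide and not the guide author's code) checks all three by reading /proc/meminfo, /proc/swaps, /proc/cmdline and /etc/systemd/logind.conf; the paths are parameters, and constructed sample files are included so it runs offline. It only knows the systemd/logind way of handling the lid, so a desktop that overrides logind will be reported as the logind default.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: check the three things the hibernation
# tutorials above set up (swap size, resume= target, lid-close action).
# Paths are parameters so the same functions run on constructed samples.
set -u

# Total RAM in kB from a /proc/meminfo-style file.
mem_total_kb() { awk '/^MemTotal:/ {print $2}' "$1"; }

# Total swap in kB from a /proc/swaps-style file (sum of all swap areas).
swap_total_kb() { awk 'NR > 1 {s += $3} END {print s + 0}' "$1"; }

# 0 if the kernel command line ($1) names a resume= device, 1 otherwise.
has_resume_param() { grep -Eq '(^| )resume=' "$1"; }

# Lid-close action from a logind.conf ($1); an unset or commented-out key
# means logind's default, "suspend".
lid_action() {
    awk -F= '/^[ \t]*HandleLidSwitch[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { print (v == "" ? "suspend" : v) }' "$1"
}

# Print one line per check; return 0 only if all pass.
# $1 meminfo  $2 swaps  $3 cmdline  $4 logind.conf
check_hibernate_ready() {
    local mem swap act ok=0
    mem=$(mem_total_kb "$1"); swap=$(swap_total_kb "$2"); act=$(lid_action "$4")
    if [ "$swap" -ge "$mem" ]; then echo "ok   swap ${swap} kB >= RAM ${mem} kB"
    else echo "FAIL swap ${swap} kB < RAM ${mem} kB: the RAM image may not fit"; ok=1; fi
    if has_resume_param "$3"; then echo "ok   resume= present on the kernel command line"
    else echo "FAIL no resume= on the kernel command line: the image will not be restored"; ok=1; fi
    case "$act" in
        hibernate|poweroff) echo "ok   lid close -> $act" ;;
        *) echo "FAIL lid close -> $act: RAM stays powered with the keys in it"; ok=1 ;;
    esac
    return "$ok"
}

# Constructed samples: $1 = directory, $2 = good|bad. 16 GB RAM in both cases.
make_sample() {
    mkdir -p "$1"
    printf 'MemTotal:       16302456 kB\nMemFree:         1234567 kB\n' > "$1/meminfo"
    printf 'Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n' > "$1/swaps"
    if [ "$2" = good ]; then
        printf '/swapfile file 16777212 0 -2\n' >> "$1/swaps"
        printf 'BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro resume=/dev/mapper/vg-swap quiet\n' > "$1/cmdline"
        printf '[Login]\nHandleLidSwitch=hibernate\n' > "$1/logind.conf"
    else
        printf '/swapfile file 2097148 0 -2\n' >> "$1/swaps"
        printf 'BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet splash\n' > "$1/cmdline"
        printf '[Login]\n#HandleLidSwitch=suspend\n' > "$1/logind.conf"
    fi
}

# On a live system:
#   check_hibernate_ready /proc/meminfo /proc/swaps /proc/cmdline /etc/systemd/logind.conf
demo() {
    local d kind; d=$(mktemp -d)
    for kind in good bad; do
        make_sample "$d/$kind" "$kind"
        echo "== $kind sample =="
        check_hibernate_ready "$d/$kind/meminfo" "$d/$kind/swaps" "$d/$kind/cmdline" "$d/$kind/logind.conf" || true
    done
    rm -rf "$d"
}
demo
```

The swap check is the one most often missed: a default Ubuntu install creates a swap file of a couple of gigabytes, far smaller than RAM, so hibernation silently fails and the laptop falls back to sleep with the keys still in memory.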


Enable MAC address randomization:
• Ubuntu, follow these steps https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses
[Archive.org]
• Any other distro: you will have to find the documentation yourself, but it should be quite similar to the
Ubuntu tutorial.


• Consider this tutorial which should still work: https://josh.works/shell-script-basics-change-mac-address
[Archive.org]


Hardening Linux:
As a light introduction for new Linux users, consider https://www.youtube.com/watch?v=Sa0KqbpLyed [Invidious]


For more in-depth and advanced options, refer to:

• This excellent guide: https://madaidans-insecurities.github.io/guides/linux-hardening.html [Archive.org]
• This excellent wiki resource: https://wiki.archlinux.org/title/Security [Archive.org]
• These excellent scripts, which are based on the guide and wiki above:
https://codeberg.org/SalamanderSecurity/PARSEC [Archive.org]
• These tools that can help you audit and harden your Linux system and kernel:
  o Lynis: https://github.com/CISOfy/lynis
  o Kconfig-hardened-check: https://github.com/a13xp0p0v/kconfig-hardened-check
• Consider the use of Kicksecure when using Debian: https://www.whonix.org/wiki/Kicksecure [Archive.org]
• This interesting article: http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
[Archive.org]


Setting up a safe Browser: 
See Appendix G: Safe Browser on the Host OS 


macOS Host OS: 

Note: At this time, this guide will not support ARM M1 MacBooks (yet). Due to Virtualbox not supporting this 
architecture yet. It could however be possible if you use commercial tools like VMWare or Parallels but those are 
not covered in this guide. 


As mentioned earlier, | do not recommend using your daily laptop for sensitive activities. Or at least | do not 
recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to 
de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to
wipe your laptop and start over, you should consider the Tails route or proceed at your own risk.


| also recommend that you do the initial installation completely offline to avoid any data leak. 
Do not ever sign in with your Apple account using that Mac. 


During the install:
• Stay Offline
• Disable all data sharing requests when prompted, including location services
• Do not sign in with Apple
• Do not enable Siri


Hardening macOS:
As a light introduction for new macOS users, consider https://www.youtube.com/watch?v=IFxSicuE6lo [Invidious]


Now to go more in-depth in securing and hardening your macOS, I recommend reading this GitHub guide which
should cover many of the issues: https://github.com/drduh/macOS-Security-and-Privacy-Guide [Archive.org]


Here are the basic steps you should take after your offline installation: 


Enable Firmware password with “disable-reset-capability” option: 
First, you should set up a firmware password following this guide from Apple: https://support.apple.com/en-us/HT204455 [Archive.org]


Unfortunately, some attacks are still possible and an adversary could disable this password, so you should also follow
this guide to prevent anyone, including Apple, from disabling the firmware password: https://support.apple.com/en-gb/guide/security/sec28382c9ca/web [Archive.org]


Enable Hibernation instead of sleep:
Again, this is to prevent some cold-boot and evil-maid attacks by powering down your RAM and cleaning the
encryption key when you close the lid. You should always either hibernate or shut down. On macOS, the hibernate
feature even has a special option to specifically destroy the encryption key from memory when hibernating (while you
might have to wait for the memory to decay on other operating systems). Once again there are no easy options to
do this within the settings, so instead we will have to do this by running a few commands to enable hibernation:
• Open a Terminal
• Run: sudo pmset -a destroyfvkeyonstandby 1
  o This command will instruct macOS to destroy the FileVault key on Standby (sleep)
• Run: sudo pmset -a hibernatemode 25
  o This command will instruct macOS to power off the memory during sleep instead of doing a hybrid
  hibernate that keeps the memory powered on. It will result in slower wakes but will increase battery
  life.
• You can confirm both settings took effect with pmset -g, which should list hibernatemode 25 and
DestroyFVKeyOnStandby 1.


Now when you close the lid of your MacBook, it should hibernate instead of sleep and mitigate attempts at
performing cold-boot attacks.
In addition, you should also set up an automatic sleep (Settings > Energy) so that your MacBook will hibernate
automatically if left unattended. 


Disable unnecessary services:
Disable some unnecessary settings within the settings:
• Disable Bluetooth
• Disable the Camera and Microphone
• Disable Location Services
• Disable AirDrop
• Disable Indexing


Prevent Apple OCSP calls:
These are the infamous “unblockable telemetry” calls from macOS Big Sur disclosed here:
https://sneak.berlin/20201112/your-computer-isnt-yours/ [Archive.org]


You could block OCSP reporting by issuing the following command in Terminal:
sudo sh -c 'echo "0.0.0.0 ocsp.apple.com" >> /etc/hosts'


But you should document yourself on the actual issue before acting. This page is a good place to start:
https://blog.jacopo.io/en/post/apple-ocsp/ [Archive.org]
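The hosts-file command above appends a new line every time it is run and gives no feedback on whether it worked. The following added example (not from the guide and not the guide author's code) does the same thing idempotently and lets you count the resulting entries; it demos on a scratch copy and needs sudo to edit the real /etc/hosts. The script file name in the comment is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: null-route a hostname in a hosts file
# only if it is not already there, and report how many block lines exist.
set -u

# Escape a hostname for use inside an extended regex (a bare dot would
# otherwise match any character and "ocspXapple.com" would look blocked).
re_escape() { printf '%s' "$1" | sed 's/[.[\*^$]/\\&/g'; }

# Number of lines in hosts file $1 that map $2 to 0.0.0.0.
block_count() {
    grep -Ec "^[[:space:]]*0\.0\.0\.0[[:space:]]+$(re_escape "$2")([[:space:]]|\$)" "$1" || true
}

# Add "0.0.0.0 <name>" to hosts file $1 unless such a line already exists.
block_host() {
    local hosts=$1 name=$2
    if [ "$(block_count "$hosts" "$name")" -gt 0 ]; then
        echo "already blocked: $name"
        return 0
    fi
    printf '0.0.0.0 %s\n' "$name" >> "$hosts"
    echo "blocked: $name"
}

# Demo on a constructed scratch file. For the real file (assumed script
# name block_host.sh):
#   sudo bash -c '. ./block_host.sh; block_host /etc/hosts ocsp.apple.com'
demo() {
    local h; h=$(mktemp)
    printf '127.0.0.1 localhost\n' > "$h"
    block_host "$h" ocsp.apple.com
    block_host "$h" ocsp.apple.com
    echo "block lines for ocsp.apple.com: $(block_count "$h" ocsp.apple.com)"
    rm -f "$h"
}
demo
```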


Up to you really. | would block it because | do not want any telemetry at all from my OS to the mothership without 
my specific consent. None. 


Enable Full Disk encryption (FileVault):
You should enable full disk encryption on your Mac using FileVault according to this part of the guide:
https://github.com/drduh/macOS-Security-and-Privacy-Guide#full-disk-encryption [Archive.org]


Be careful when enabling. Do not store the recovery key at Apple if prompted (should not be an issue since you 
should be offline at this stage). You do not want a third party to have your recovery key. 


MAC Address Randomization:

Unfortunately, macOS does not offer a native convenient way of randomizing your MAC Address and so you will
have to do this manually. This will be reset at each reboot, and you will have to re-do it each time to ensure you do
not use your actual MAC Address when connecting to various Wi-Fis. Use a different address each time: a fixed value
such as the example below, reused at every hotspot, becomes an identifier of its own. en0 is the Wi-Fi interface on
most MacBooks; confirm yours with networksetup -listallhardwareports.


You can do this by issuing the following commands in Terminal (the text in parentheses is a description, not part of
the command):
• (Turn the Wi-Fi off) networksetup -setairportpower en0 off
• (Change the MAC Address) sudo ifconfig en0 ether 88:63:11:11:11:11
• (Turn the Wi-Fi back on) networksetup -setairportpower en0 on
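Both the Linux and the macOS MAC-randomization sections above leave the choice of address to you, and the macOS commands hard-code 88:63:11:11:11:11. The following added example (not from the guide and not the guide author's code) generates a fresh locally administered unicast address, the class of address meant for software assignment, and validates an address before you assign it. The interface names en0 (macOS) and wlan0 (Linux) are assumptions; check with networksetup -listallhardwareports or ip link.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: generate and validate a random
# locally administered unicast MAC for the manual method above.
set -u

# Print a random MAC whose first octet has the "locally administered" bit
# (bit 1) set and the multicast bit (bit 0) clear, so it cannot collide with
# a real vendor OUI and is valid to assign to an interface.
gen_laa_mac() {
    local b0 rest
    b0=$(od -An -N1 -tu1 /dev/urandom | tr -d ' \n')
    b0=$(( (b0 & 0xfc) | 0x02 ))
    rest=$(od -An -N5 -tx1 /dev/urandom | tr -d ' \n' | sed 's/../&:/g; s/:$//')
    printf '%02x:%s\n' "$b0" "$rest"
}

# 0 if $1 is a well-formed MAC that is unicast and locally administered, else 1.
is_laa_unicast_mac() {
    local mac=$1 b0
    printf '%s' "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    b0=$(( 16#${mac%%:*} ))
    [ $(( b0 & 0x01 )) -eq 0 ] && [ $(( b0 & 0x02 )) -ne 0 ]
}

# Interface names are assumptions: en0 on a MacBook, wlan0 on Linux.
# macOS, between the two networksetup calls above:
#   sudo ifconfig en0 ether "$(gen_laa_mac)"
# Linux without NetworkManager:
#   sudo ip link set wlan0 down && sudo ip link set wlan0 address "$(gen_laa_mac)" && sudo ip link set wlan0 up
printf 'fresh address: %s\n' "$(gen_laa_mac)"
```

Note that the guide's example 88:63:11:11:11:11 fails the validator: its first octet has the locally-administered bit clear, so it pretends to be a vendor-assigned address. On Linux with NetworkManager none of this is needed: nmcli connection modify <connection> wifi.cloned-mac-address random makes the connection use a new random address every time it activates.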


Setting up a safe Browser: 
See Appendix G: Safe Browser on the Host OS 


Windows Host OS:

As mentioned earlier, | do not recommend using your daily laptop for sensitive activities. Or at least | do not 
recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to 
de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to 
wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. 


I also recommend that you do the initial installation completely offline to avoid any data leak.


Installation: 
You should follow Appendix A: Windows Installation 


As a light introduction, consider watching https://www.youtube.com/watch?v=vNRics7tlqw [Invidious]


Enable MAC address randomization: 
You should randomize your MAC address as explained earlier in this guide: 
Go into Settings > Network & Internet > Wi-Fi > Enable Random hardware addresses
Alternatively, you could use this free piece of software: https://technitium.com/tmac/ [Archive.org]


Setting up a safe Browser: 
See Appendix G: Safe Browser on the Host OS 


Enable some additional privacy settings on your Host OS: 
See Appendix B: Windows Additional Privacy Settings 


Windows Host OS encryption: 
If you intend to use system-wide plausible deniability: 
Veracrypt [330] is the software I will recommend for full-disk encryption, file encryption, and plausible deniability. It is a
fork of the well-known but deprecated and unmaintained TrueCrypt. It can be used for:
• Full Disk simple encryption (your hard drive is encrypted with one passphrase).
• Full Disk encryption with plausible deniability (this means that depending on the passphrase entered at boot,
you will either boot a decoy OS or a hidden OS).
• File container simple encryption (it is a large file that you will be able to mount within Veracrypt as if it were
an external drive to store encrypted files within).
• File container with plausible deniability (it is the same large file but depending on the passphrase you use
when mounting it, you will either mount a “hidden volume” or the “decoy volume”).


It is to my knowledge the only (convenient and usable by anyone) free, open-source, and openly audited [331]
encryption software that also provides plausible deniability for widespread use, and it works with Windows Home
Edition.


Go ahead and download and install Veracrypt from: https://www.veracrypt.fr/en/Downloads.html [Archive.org]


After installation, please take a moment to review the following options that will help mitigate some attacks:

• Encrypt the memory with a Veracrypt option [332] (settings > performance/driver options > encrypt RAM) at a
cost of 5-15% performance. This setting will also disable hibernation (which does not actively clear the key
when hibernating) and instead encrypt the memory altogether to mitigate some cold-boot attacks. More
details about this feature here:
https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/ [Archive.org]

• Enable the Veracrypt option to wipe the keys from memory if a new device is inserted (system > settings >
security > clear keys from memory if a new device is inserted). This could help in case your system is seized
while still on (but locked).

• Enable the Veracrypt option to mount volumes as removable volumes (Settings > Preferences > Mount
volume as removable media). This will prevent Windows from writing some logs about your mounts in the
Event logs [333] and prevent some local data leaks.

• Be careful and have good situational awareness if you sense something weird. Shut your laptop down as
fast as possible.


If you do not want to use encrypted memory (because performance might be an issue), you should at least enable 
hibernation instead of sleep. This will not clear the keys from memory (you are still vulnerable to cold boot attacks) 
but at least should mitigate them if your memory has enough time to decay. 


More details later in Route A and B: Simple Encryption using Veracrypt (Windows tutorial). 


330 Wikipedia, Veracrypt https://en.wikipedia.org/wiki/VeraCrypt [Wikiless] [Archive.org]

331 OSTIF, Veracrypt Audit, 2016, https://web.archive.org/web/https://ostif.org/the-veracrypt-audit-results/

332 Veracrypt Documentation, Unencrypted Data in RAM https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html [Archive.org]

333 Veracrypt Documentation, Data Leaks https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html [Archive.org]
If you do not intend to use system-wide plausible deniability:

For this case, I will recommend the use of BitLocker instead of Veracrypt for the full disk encryption. The reasoning is that BitLocker does not offer a plausible deniability possibility, contrary to Veracrypt. A hard adversary then has no incentive in pursuing his “enhanced” interrogation if you reveal the passphrase.


Normally, you should have installed Windows Pro in this case and the BitLocker setup is quite straightforward. 


Basically, you can follow the instructions here: https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838 [Archive.org]


But here are the steps: 


e Click the Windows Menu
e Type “Bitlocker”
e Click “Manage Bitlocker”
e Click “Turn on Bitlocker” on your System Drive
e Follow the instructions
o Do not save your recovery key to a Microsoft Account if prompted.
o Only save the recovery key to an external encrypted drive. To bypass this, print the recovery key using the Microsoft Print to PDF printer and save the key within the Documents folder. Delete that file later.
o Encrypt Entire Drive (do not encrypt the used disk space only).
o Use “New Encryption Mode”
o Run the BitLocker Check
o Reboot


Encryption should now be started in the background (you can check by clicking the Bitlocker icon on the 
lower right side of the taskbar). 


Unfortunately, this is not enough. With this setup, your Bitlocker key can just be stored as-is in the TPM chip of your computer. This is rather problematic as the key can be extracted in some cases with ease[334][335][336][337].


To mitigate this, we will have to enable a few more options as per the recommendations of Microsoft[338]:


e Click the Windows icon
e Type Run
e Type “gpedit.msc” (this is the group policy editor)
e Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker > Operating System Drives
o Double Click the “Require Additional Authentication at Startup” option
= Click the “Configure TPM Startup PIN” and set it to “Require Startup PIN with TPM”
o Double Click the “Allow enhanced PINs for startup” option
= Click “Enable” (this will allow us to set a password rather than a PIN)
e Close the Group Policy Editor
e Click the Windows icon
e Type Command to display the “Command Prompt”
e Right Click on it and click “Run as Administrator”
e Run `manage-bde -protectors -delete c:` (this will delete current protection: the recovery key we will not need)


334 Dolos Group, From Stolen Laptop to Inside the Company Network https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network [Archive.org]

335 Trammell Hudson's Projects, Understanding TPM Sniffing Attacks https://trmm.net/tpm-sniffing/ [Archive.org]

336 SecurityJon, https://twitter.com/SecurityJon/status/1445020885472235524 [Twitter]

337 F-Secure Labs, Sniff, there leaks my BitLocker key https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/ [Archive.org]

338 Microsoft, BitLocker Countermeasures, Attacker countermeasures https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures [Archive.org]
e Run `manage-bde -protectors -add c: -TPMAndPIN` (this will prompt you for a pre-boot password)
o Enter a password or passphrase of your choice (a good one)
e Run `manage-bde -status`
o You should now see at your C: drive below “Key Protectors” the option “TPM and PIN”
e You are done
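The gpedit.msc and manage-bde steps above, scripted, as an added example (this is not the guide's own code nor Microsoft's). It writes the same registry values that gpedit writes under HKLM\SOFTWARE\Policies\Microsoft\FVE for the “Require additional authentication at startup” and “Allow enhanced PINs for startup” policies, then swaps the protectors with the two manage-bde commands from the list. It goes one step further than the guide by also setting “Configure TPM startup” to “Do not allow TPM”, so a TPM-only protector (the exposure described above) cannot be re-added later. Assumed: an elevated PowerShell on a machine where C: is already BitLocker-encrypted and a TPM is present; the function name Test-TpmPinProtector is mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the guide: BitLocker TPM+PIN policy and protector setup.
# Assumes an elevated PowerShell, C: already BitLocker-encrypted, TPM present.

$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }

# "Require additional authentication at startup" = Enabled. gpedit writes this whole
# group of values; for the four TPM combinations 0 = do not allow, 1 = require, 2 = allow.
$policy = @{
    UseAdvancedStartup = 1
    EnableBDEWithNoTPM = 0   # BitLocker without a TPM: not allowed
    UseTPM             = 0   # TPM-only unlock: do not allow (stricter than the guide's default "Allow")
    UseTPMPIN          = 1   # "Require startup PIN with TPM" (the setting the guide changes)
    UseTPMKey          = 0
    UseTPMKeyPIN       = 0
    UseEnhancedPin     = 1   # "Allow enhanced PINs for startup" = Enabled: a full passphrase
}
foreach ($name in $policy.Keys) {
    Set-ItemProperty -Path $fve -Name $name -Value $policy[$name] -Type DWord
}

# Same two manage-bde commands as the guide: remove the existing protectors
# (including the recovery password the guide says you will not keep), then add
# TPM+PIN. manage-bde prompts interactively for the PIN/passphrase.
manage-bde -protectors -delete C:
manage-bde -protectors -add C: -TPMAndPIN

# Check: C: must now carry a TPM+PIN protector and no TPM-only protector.
function Test-TpmPinProtector {
    param([string]$MountPoint = 'C:')
    $types = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
             ForEach-Object KeyProtectorType
    return ($types -contains 'TpmPin') -and ($types -notcontains 'Tpm')
}
if (-not (Test-TpmPinProtector)) {
    throw "C: is not protected by TPM+PIN; see 'manage-bde -status C:'"
}
manage-bde -status C:
```

BitLocker reads these policy values directly from the registry, so no gpupdate is needed. One caveat worth knowing before the first reboot: the BitLocker pre-boot screen uses the US (QWERTY) keyboard layout whatever Windows is set to, the same layout trap the guide describes further down for the Veracrypt bootloader, so choose a passphrase you can type on both layouts or test it right away.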


Now when you reboot your computer, you should ideally be prompted for: 
e A BIOS/UEFI boot password 
e An SSD/HDD unlock password (if the feature is available on your BIOS)
e A Bitlocker Pre-Boot Pin Screen where you need to enter the password/passphrase you just set-up 
e And finally, the Windows Logon Screen where you can enter the credentials you set-up earlier 


Enable Hibernation (optional):

Again, as explained earlier, you should never use the sleep/stand-by feature, to mitigate some cold-boot and evil-maid attacks. Instead, you should shut down or hibernate. You should set your laptop to shut down or hibernate when closing the lid or when your laptop goes to sleep.


(Note that you cannot enable hibernation if you previously enabled RAM encryption within Veracrypt) 


The reason is that Hibernation will actually shut down your laptop completely and clean the memory. Sleep on the other hand will leave the memory powered on (including your decryption key) and could leave your laptop vulnerable to cold-boot attacks.


By default, Windows 10 might not offer you this possibility so you should enable it by following this Microsoft tutorial: https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation [Archive.org]

e Open an administrator command prompt (right-click on Command Prompt and “Run as Administrator”)
e Run: `powercfg.exe /hibernate on`
e Now run the additional command: `powercfg /h /type full`
o This command will make sure your hibernate mode is full and will fully clean the memory (not securely tho).


After that you should go into your power settings: 
e Open the Control Panel 
e Open System & Security 
e Open Power Options 
e Open “Choose what the power button does” 
e Change everything from sleep to hibernate or shutdown 
e Go back to the Power Options 
e Select Change Plan Settings 
e Select Advanced Power Settings 
e Change all the Sleep Values for each Power Plan to 0 (Never) 
e Make sure Hybrid Sleep is Off for each Power Plan 
e Enable Hibernate After the time you would like 
e Disable all the Wake timers 
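The same hibernation and power settings applied with powercfg, added here as an example (not the guide's own code nor Microsoft's). It assumes an elevated PowerShell, that Veracrypt RAM encryption is not enabled (the two are exclusive, as noted above), and uses the built-in powercfg setting aliases (SUB_SLEEP, STANDBYIDLE, SUB_BUTTONS, LIDACTION and so on); the 30-minute hibernate timeout and the function name Test-SleepNever are placeholders of mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the guide: the Control Panel power settings above, applied
# with powercfg to every power plan. Assumes Veracrypt RAM encryption is off.

powercfg /hibernate on
powercfg /h /type full           # full hiberfile, not the reduced fast-startup one

# Every power plan GUID from "powercfg /list".
$guidRe = '[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}'
$plans  = [regex]::Matches((powercfg /list | Out-String), $guidRe) |
          ForEach-Object Value | Select-Object -Unique

foreach ($plan in $plans) {
    foreach ($mode in 'setacvalueindex', 'setdcvalueindex') {   # plugged in / on battery
        powercfg "/$mode" $plan SUB_SLEEP   STANDBYIDLE    0     # sleep after: Never
        powercfg "/$mode" $plan SUB_SLEEP   HYBRIDSLEEP    0     # hybrid sleep: Off
        powercfg "/$mode" $plan SUB_SLEEP   HIBERNATEIDLE  1800  # hibernate after 30 min (placeholder)
        powercfg "/$mode" $plan SUB_SLEEP   RTCWAKE        0     # wake timers: Disable
        # Lid / power button / sleep button: 2 = Hibernate, 3 = Shut down
        powercfg "/$mode" $plan SUB_BUTTONS LIDACTION      2
        powercfg "/$mode" $plan SUB_BUTTONS PBUTTONACTION  3
        powercfg "/$mode" $plan SUB_BUTTONS SBUTTONACTION  2
    }
}
powercfg /setactive SCHEME_CURRENT   # re-apply so the active plan picks up the changes

# Check: the active plan must report a 0 (Never) sleep timeout on AC and on DC.
function Test-SleepNever {
    $out = powercfg /query SCHEME_CURRENT SUB_SLEEP STANDBYIDLE | Out-String
    return ($out -match 'Current AC Power Setting Index: 0x00000000') -and
           ($out -match 'Current DC Power Setting Index: 0x00000000')
}
if (-not (Test-SleepNever)) { throw 'Sleep timeout is still set on the active plan' }
powercfg /a   # lists the sleep states still available; "Hibernate" must be among them
```

Run `powercfg /a` at the end as the script does: if hibernation is listed as unavailable, it is usually because Veracrypt's RAM encryption is still on, which is the conflict the guide points out.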


Deciding which sub-route you will take: 
Now you will have to pick your next step between two options: 
e Route A: Simple encryption of your current OS
o Pros:
= Does not require you to wipe your laptop
= No issues with local Data leaks
= Works fine with an SSD drive
= Works with any OS
= Simple
o Cons:
= You could be compelled by an adversary to reveal your password and all your secrets and will have no plausible deniability
= The danger of Online data leaks
e Route B: Simple encryption of your current OS with later use of plausible deniability on files themselves:
o Pros:
= Does not require you to wipe your laptop
= Works fine with an SSD drive
= Works with any OS
= Plausible deniability is possible with “soft” adversaries
o Cons:
= The danger of Online Data leaks
= The danger of local Data leaks (that will lead to more work to clean up those leaks)
e Route C: Plausible Deniability Encryption of your Operating system (you will have a “hidden OS” and a “decoy OS” running on the laptop)
o Pros:
= No issues with local Data leaks
= Plausible deniability is possible with “soft” adversaries
o Cons:
= Requires Windows (this feature is not “easily” supported on Linux).
= The danger of online Data leaks
= Requires full wipe of your laptop
= No use with an SSD drive due to the requirement of disabling Trim[339] Operations[340]. This will severely degrade the performance/health of your SSD drive over time.


As you can see, Route C only offers two privacy advantages over the others, and it will only be of use against a soft lawful adversary. Remember https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis [Wikiless] [Archive.org]


Deciding which route you will take is up to you. Route A is a minimum. 


Always be sure to check for new versions of Veracrypt frequently to ensure you benefit from the latest patches. 
Especially check this before applying large Windows updates that might break the Veracrypt bootloader and send 
you into a boot loop. 


NOTE THAT BY DEFAULT VERACRYPT WILL ALWAYS PROPOSE A SYSTEM PASSWORD IN QWERTY (display the 
password as a test). This can cause issues if your boot input is using your laptop’s keyboard (AZERTY for example) 
as you will have set up your password in QWERTY and will input it at boot time in AZERTY. So, make sure you 
check when doing the test boot what keyboard layout your BIOS is using. You could fail to log in just because of 
the QWERTY/AZERTY mix-up. If your BIOS boots using AZERTY, you will need to type the password in QWERTY 
within Veracrypt. 


Route A and B: Simple Encryption using Veracrypt (Windows tutorial) 
Skip this step if you used BitLocker instead earlier. 


You do not have to have an HDD for this method, and you do not need to disable Trim on this route. Trim leaks will only be of use to forensics in detecting the presence of a Hidden Volume but will not be of much use otherwise.


This route is rather straightforward and will just encrypt your current Operating System in place without losing any 
data. Be sure to read all the texts Veracrypt is showing you, so you have a full understanding of what is going on. 
Here are the steps: 
e Launch VeraCrypt 
e Go into Settings: 
o Settings > Performance/driver options > Encrypt RAM 


339 Wikipedia, Trim https://en.wikipedia.org/wiki/Trim_(computing) [Wikiless] [Archive.org]

340 Veracrypt Documentation, Trim Operations https://www.veracrypt.fr/en/Trim%20Operation.html [Archive.org]
o System > Settings > Security > Clear keys from memory if a new device is inserted
o System > Settings > Windows > Enable Secure Desktop
e Select System
e Select Encrypt System Partition/Drive
e Select Normal (Simple)
e Select Single-Boot 
e Select AES as encryption Algorithm (click the test button if you want to compare the speeds) 
e Select SHA-512 as hash Algorithm (because why not) 
e Enter a strong passphrase (longer the better, remember Appendix A2: Guidelines for passwords and 
passphrases) 
e Collect some entropy by randomly moving your cursor around until the bar is full 
e Click Next as the Generated Keys screen 
e To rescue disk[341] or not rescue disk, well that is up to you. I recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance, or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it.
e Wipe mode: 
o If you have no sensitive data yet on this laptop, select None 
o If you have sensitive data on an SSD, Trim alone should take care of it[342] but I would recommend one pass (random data) just to be sure.
o If you have sensitive data on an HDD, there is no Trim, and I would recommend at least 1-pass.
e Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This test 
must pass for encryption to go forward. 
e After your computer rebooted and the test is passed. You will be prompted by Veracrypt to start the 
encryption process. 
e Start the encryption and wait for it to complete. 
e You are done, skip Route B and go to the next steps. 


There will be another section on creating encrypted file containers with Plausible Deniability on Windows. 


Route B: Plausible Deniability Encryption with a Hidden OS (Windows only) 
This is only supported on Windows. 


This is only recommended on an HDD drive. This is not recommended on an SSD drive. 


Your Hidden OS should not be activated (with an MS product key). Therefore, this route will recommend and 
guide you through a full clean installation that will wipe everything on your laptop. 


Read the Veracrypt Documentation 
https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html [Archive.org] (Process of Creation of Hidden Operating System) and https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html [Archive.org] (Security Requirements and Precautions Pertaining to Hidden Volumes).


This is how your system will look after this process is done: 


341 Veracrypt Documentation, Rescue Disk https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html [Archive.org]
342 St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds [Archive.org]

[Illustration (image not recoverable from this extraction): partition layout labelled “Partition 1” and “Partition 2”. From Veracrypt Documentation, https://veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html [Archive.org]]


As you can see this process requires you to have two partitions on your hard drive from the start. 


This process will do the following: 

e Encrypt your second partition (the outer volume) that will look like an empty unformatted disk from the decoy OS.
e Prompt you with the opportunity to copy some decoy content within the outer volume.
e Let you copy your decoy/anime collection from an external hard drive onto the outer volume.
e Create a hidden volume within the outer volume of that second partition. This is where the hidden OS will reside.
e Clone your currently running Windows 10 installation onto the hidden volume.
e Wipe your currently running Windows 10.
e This means that your current Windows 10 will become the hidden Windows 10 and that you will need to reinstall a fresh decoy Windows 10 OS.


Mandatory if you have an SSD drive and you still want to do this against the recommendation: Disable SSD Trim in Windows[343] (again this is NOT recommended at all as disabling Trim in itself is highly suspicious). Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks[344] that could allow forensics to defeat your plausible deniability[345][346]. The only way around this at the moment is to have a laptop with a classic HDD drive instead.


Step 1: Create a Windows 10 install USB key 
See Appendix C: Windows Installation Media Creation and go with the USB key route. 


Step 2: Boot the USB key and start the Windows 10 install process (Hidden OS) 
e Insert the USB key into your laptop 
e See Appendix A: Windows Installation and proceed with installing Windows 10 Home. 


343 WindowsCentral, Trim Tutorial https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance [Archive.org]

344 Veracrypt Documentation, Trim Operation https://veracrypt.eu/en/docs/trim-operation/ [Archive.org]

345 Black Hat 2018, Perfectly Deniable Steganographic Disk Encryption https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf [Archive.org]

346 Milan Broz's Blog, TRIM & dm-crypt ... problems? http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html [Archive.org]
Step 3: Privacy Settings (Hidden OS)
See Appendix B: Windows Additional Privacy Settings 


Step 4: Veracrypt installation and encryption process start (Hidden OS)
Remember to read https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html [Archive.org]


Do not connect this OS to your known Wi-Fi. You should download the Veracrypt installer from a different computer 
and copy the installer here using a USB key. Here are the steps: 


e Install Veracrypt
e Start Veracrypt
e Go into Settings:
o Settings > Performance/driver options > Encrypt RAM (note that this option is not compatible with hibernation, which means you will have to pick one or the other)
o System > Settings > Security > Clear keys from memory if a new device is inserted
o System > Settings > Windows > Enable Secure Desktop
e Go into System and select Create Hidden Operating System
e Read all the prompts thoroughly
e Select Single-Boot (if you only have one OS)
e Create the Outer Volume using AES and SHA-512.
e Use all the space available for the second partition for the Outer Volume
e Use a strong passphrase (remember Appendix A2: Guidelines for passwords and passphrases)
e Select yes to Large Files
e Create some entropy by moving the mouse around until the bar is full and select NTFS (do not select exFAT as we want this outer volume to look “normal” and NTFS is normal).
e Format the Outer Volume
e Open Outer Volume:
o At this stage, you should copy decoy data onto the outer volume. So, you should have some sensitive but not so sensitive files/folders to copy there, in case you need to reveal a password to this volume. This is a good place for your Anime/Mp3/Movies/Porn collection.
o Remember not to fill the outer volume too much (about 40%). Remember you must leave enough space for the Hidden OS (which will be the same size as the first partition you created during installation).
e Use a strong passphrase for the Hidden Volume (obviously a different one than the one for the Outer Volume)
e Now you will create the Hidden Volume, select AES and SHA-512
e Fill the entropy bar until the end with random mouse movements
e Format the Hidden Volume
e Proceed with the Cloning
e Veracrypt will now restart and clone the Windows where you started this process into the Hidden Volume. This Windows will become your Hidden OS.
e When the cloning is complete, Veracrypt will restart within the Hidden System
e Veracrypt will inform you that the Hidden System is now installed and then prompt you to wipe the Original OS (the one you installed previously with the USB key).
e Use 1-Pass Wipe and proceed.
e Now your Hidden OS will be installed, proceed to the next step


Step 5: Reboot and boot the USB key and start the Windows 10 install process again (Decoy OS) 
Now that the Hidden OS is fully installed, you will need to install a Decoy OS: 


Insert the USB key into your laptop 
See Appendix A: Windows Installation and proceed with installing Windows 10 Home again (do not install a 
different version and stick with Home). 
Step 6: Privacy settings (Decoy OS)
See Appendix B: Windows Additional Privacy Settings 


Step 7: Veracrypt installation and encryption process start (Decoy OS) 
Now we will encrypt the Decoy OS: 

e Install Veracrypt 

e Launch VeraCrypt 

e Select System 

e Select Encrypt System Partition/Drive 

e Select Normal (Simple) 

e Select Single-Boot 

e Select AES as encryption Algorithm (click the test button if you want to compare the speeds) 

e Select SHA-512 as hash Algorithm (because why not) 

e Enter a short weak password (yes this is serious, do it, it will be explained later). 

e Collect some entropy by randomly moving your cursor around until the bar is full 

e Click Next as the Generated Keys screen 

e To rescue disk[347] or not rescue disk, well that is up to you. I recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance, or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it.

e Wipe mode: Select 1-Pass just to be safe 

e Pre-Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This 
test must pass for encryption to go forward. 

e After your computer rebooted and the test is passed, you will be prompted by Veracrypt to start the encryption process.

e Start the encryption and wait for it to complete.

e Your Decoy OS is now ready for use. 


Step 8: Test your setup (Boot in Both) 
Time to test your setup: 

e Reboot and input your Hidden OS passphrase, you should boot within the Hidden OS.

e Reboot and input your Decoy OS passphrase, you should boot within the Decoy OS.

e Launch Veracrypt on the Decoy OS and mount the second partition using the Outer Volume Passphrase (mount it as read-only by going into Mount Options and selecting Read-Only) and it should mount the decoy partition as read-only, displaying your decoy data (your Anime/Porn collection). You are mounting it as read-only now because if you were to write data on it, you could override content from your Hidden OS.


Step 9: Changing the decoy data on your Outer Volume safely 

Before going to the next step, you should learn the way to mount your Outer Volume safely for writing content on it. 
This is also explained in this official Veracrypt Documentation 
https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html [Archive.org]


You should do this from a safe trusted place. 


Basically, you are going to mount your Outer Volume while also providing the Hidden Volume passphrase within the Mount Options to protect the Hidden Volume from being overwritten. Veracrypt will then allow you to write data to the Outer Volume without risking overwriting any data on the Hidden Volume.


e Open Veracrypt 

e Select your Second Partition 

e Click Mount

e Click Mount Options 

e Check the “Protect the Hidden volume...” Option 


347 Veracrypt Documentation, Rescue Disk https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html [Archive.org]
e Enter the Hidden OS passphrase
e Click OK
e Enter your Outer Volume passphrase
e Click OK
e You should now be able to open and write to your Outer Volume to change the content (copy/move/delete/edit...)


This operation will not actually mount the Hidden Volume and should prevent the creation of any forensic evidence that could lead to the discovery of the Hidden OS. However, while you are performing this operation, both passwords will be stored in your RAM and therefore you could still be susceptible to a Cold-Boot Attack. To mitigate this, be sure to have the option to encrypt your RAM too as instructed before.


Step 10: Leave some forensics evidence of your outer Volume (with the decoy Data) within your Decoy OS 
We must make the Decoy OS as plausible as possible. We also want your adversary to think you are not that smart.


Therefore, it is important to voluntarily leave some forensic evidence of your Decoy Content within your Decoy OS. 
This evidence will let forensic examiners see that you mounted your Outer Volume frequently to access its content. 


Here are useful tips to leave some forensics evidence: 
e Play the content from the Outer Volume from your Decoy OS (using VLC for instance). Be sure to keep a history of those.
e Edit Documents and work on them.
e Enable File Indexing again on the Decoy OS and include the Mounted Outer Volume.
e Unmount it and mount it frequently to watch some Content.
e Copy some Content from your Outer Volume to your Decoy OS and then delete it unsafely (just put it in the recycle Bin).
e Have a Torrent Client installed on the Decoy OS and use it from time to time to download some similar stuff that you will leave on the Decoy OS.
e You could have a VPN client installed on the Decoy OS with a known VPN of yours (non-cash paid).


Do not put anything suspicious on the Decoy OS such as: 
e This guide 
e Any links to this guide 
e Any suspicious anonymity software such as Tor Browser 


Notes: 
Remember that you will need valid excuses for this plausible deniability scenario to work: 
e You are using Veracrypt because you are using Windows 10 Home which does not feature Bitlocker but 
still wanted Privacy. 
e You have two Partitions because you wanted to separate the System and the Data for easy organization 
and because some Geek friend told you this was better for performance. 
e You have used a weak password for easy convenient booting on the System and a Strong long passphrase 
on the Outer Volume because you were too lazy to type a strong passphrase at each boot. 
e You encrypted the second Partition with a different password than the System because you do not want anyone in your entourage to see your stuff and so you did not want that data available to anyone.


Take some time to read again the “Possible Explanations for Existence of Two Veracrypt Partitions on Single Drive” of 
the Veracrypt documentation here 
https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html [Archive.org]


Be careful: 


e You should never mount the Hidden Volume from the Decoy OS (NEVER EVER). If you did this, it would create forensics evidence of the Hidden Volume within the Decoy OS that could jeopardize your attempt at plausible deniability. If you did this anyway (intentionally or by mistake) from the Decoy OS, there are ways to erase forensics evidence that will be explained later at the end of this guide.

e Never Use the Decoy OS from the same network (public Wi-Fi) as the Hidden OS. 

e When you do mount the Outer Volume from the Decoy OS, do not write any Data within the Outer 
Volume as this could override what looks like Empty Space but is in fact your Hidden OS. You should 
always mount it as read-only. 

e If you want to change the Decoy content of the Outer Volume, you should use a Live OS USB Key that will 
run Veracrypt. 

e Note that you will not use the Hidden OS to perform sensitive activities, this will be done later from a VM 
within the Hidden OS. The Hidden OS is only meant to protect you from a soft adversary that could gain 
access to your laptop and compel you to reveal your password. 

e Be careful of any tampering with your laptop. Evil-Maid Attacks can reveal your hidden OS.


Virtualbox on your Host OS: 
Remember Appendix W: Virtualization. 


This step and the following steps should be done from within the Host OS. This can either be your Host OS with simple encryption (Windows/Linux/macOS) or your Hidden OS with plausible deniability (Windows only).


In this route, we will make extensive use of the free Oracle Virtualbox[348] software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience).


So, you should be aware that Virtualbox is not the virtualization software with the best track record in terms of security and some of the reported issues[349] have not been completely fixed to this date[350], and if you are using Linux with a bit more technical skills, you should consider using KVM instead by following the guide available at Whonix here https://www.whonix.org/wiki/KVM [Archive.org] and here https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F [Archive.org]


Some steps should be taken in all cases: 


All your sensitive activities will be done from within a guest Virtual Machine running Windows 10 Pro (not Home 
this time), Linux, or macOS. 


This has a few advantages that will help you remain anonymous: 

e It should prevent the guest VM OS (Windows/Linux/macOS), Apps, and any telemetry within the VMs from accessing your hardware directly. Even if your VM is compromised by malware, this malware should not be able to escape the VM and compromise your actual laptop.

e It will allow us to force all the network traffic from your client VM to run through another Gateway VM that will direct (torify) all the traffic towards the Tor Network. This is a network “kill switch”. Your VM will lose its network connectivity completely and go offline if the other VM loses its connection to the Tor Network.

e The VM itself that only has internet connectivity through a Tor Network Gateway will connect to your cash- 
paid VPN service through Tor. 

e DNS Leaks will be impossible because the VM is on an isolated network that must go through Tor no matter 
what. 
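How the Gateway VM / client VM split described above is wired in VirtualBox, as an added example (not the guide's own code, nor Whonix's; Whonix's own images come preconfigured this way). The VM names Whonix-Gateway and Whonix-Workstation and the internal network name Whonix are assumptions to replace with your own, VBoxManage is assumed in its default install path, and the function name Test-WorkstationIsolated is mine. The check at the end is the part worth keeping: it refuses any client NIC that is not on the internal network, which is exactly the property that makes the gateway a kill switch.

```powershell
# Added example, not from the guide: isolate the client VM behind the gateway VM
# with VBoxManage. VM names and the internal network name are placeholders.
$vboxManage  = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
$gateway     = 'Whonix-Gateway'       # placeholder VM name
$workstation = 'Whonix-Workstation'   # placeholder VM name
$intnet      = 'Whonix'               # internal network shared by the two VMs

# Gateway: NIC1 reaches the outside (NAT through the host), NIC2 faces the
# isolated internal network on which it offers Tor to the workstation.
& $vboxManage modifyvm $gateway --nic1 nat --nic2 intnet --intnet2 $intnet

# Workstation: one NIC on the internal network and nothing else. If the gateway
# is down, the workstation simply has no network at all (the "kill switch").
& $vboxManage modifyvm $workstation --nic1 intnet --intnet1 $intnet `
    --nic2 none --nic3 none --nic4 none

# Check: parse "showvminfo --machinereadable" (lines such as nic1="intnet" and
# intnet1="Whonix") and fail on any NIC that is enabled but not on the internal net.
function Test-WorkstationIsolated {
    param([string]$VmName = $workstation, [string]$Intnet = $intnet)
    $info = (& $vboxManage showvminfo $VmName --machinereadable) -join "`n"
    foreach ($n in 1..8) {
        $mode = [regex]::Match($info, "(?m)^nic$n=`"([^`"]+)`"").Groups[1].Value
        if ($mode -eq '' -or $mode -eq 'none') { continue }   # absent or disabled NIC
        if ($mode -ne 'intnet') { return $false }              # NAT/bridged/host-only: a leak path
        $net = [regex]::Match($info, "(?m)^intnet$n=`"([^`"]+)`"").Groups[1].Value
        if ($net -ne $Intnet) { return $false }                # wrong internal network
    }
    return $true
}
if (-not (Test-WorkstationIsolated)) { throw "$workstation has a NIC outside $intnet" }
```

Re-run the check whenever you touch the VM settings: a host-only or NAT adapter added "just for a file transfer" and forgotten is the usual way this isolation is lost, and with it the DNS-leak guarantee the list above relies on.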


Pick your connectivity method: 
There are seven possibilities within this route: 
e Recommended and preferred: 
o Use Tor alone (User > Tor > Internet) 
o Use VPN over Tor (User > Tor > VPN > Internet) in specific cases 


348 Wikipedia, Virtualbox https://en.wikipedia.org/wiki/VirtualBox [Wikiless] [Archive.org]
349 VirtualBox Ticket 17987 https://www.virtualbox.org/ticket/17987 [Archive.org]

350 Whonix Documentation, Spectre Meltdown, https://www.whonix.org/wiki/Spectre_Meltdown#VirtualBox [Archive.org]
o Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor > Self-Hosted VPN/Proxy > Internet) in specific cases
e Possible if required by context: 
o Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) 
o Use Tor over VPN (User > VPN > Tor > Internet) 
e Not recommended and risky: 
o Use VPN alone (User > VPN > Internet) 
o Use VPN over VPN (User > VPN > VPN > Internet) 
e Not recommended and highly risky (but possible) 
o No VPN and no Tor (User > Internet)


: 4 Can you safely use Can you safely use 
Pick your connectimity eos ly spony 


You can use Tor so 
see the “Tor over 


VPN” option. 
Optional Route Left 


(Recommended) 
Warning: VPN over Tor can limit your See the “Tor only” 
protection from Tor Stream Isolation. option. 





a alksm ism atom ola-vicla acre r-] elem aaloysimia-toce) aalant=lalel-le myo) 0iule)ep 


[Illustration of the Tor only route: Host OS Network on Public Wi-Fi; Isolated Whonix Local Network; Encrypted Tor Network (Stream Isolation Possible); Virtual Machine; Internet Services] 





Within this solution, all your network traffic goes through Tor and it should be sufficient to guarantee your anonymity in 
most cases. 


There is one main drawback though: some services block/ban Tor Exit nodes outright and will not allow account 
creation from those. 


To mitigate this, you might have to consider the next option, VPN over Tor, but consider the risks associated with it 
explained in the next section. 


VPN/Proxy over Tor: 
This solution can bring some benefits in some specific cases vs using Tor only, where accessing the destination service 
would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor 
Exit Nodes (see the Tor Project's “ListOfServicesBlockingTor” wiki page). 


This solution can be achieved in two ways: 
- Paid VPN over Tor (easiest) 
- Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in avoiding online obstacles such as captchas but requiring more skills with Linux) 


As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary 
(despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid 
VPN/Proxy account connecting to their services from a Tor Exit node. 


[Illustration of the VPN/Proxy over Tor route: Virtual Machine; Internet Services] 





If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random 
public Wi-Fi that is not tied to your identity. 


If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped 
within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi. 


This solution however has one main drawback to consider: interference with Tor Stream Isolation [351]. 


Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits 
for each application. Here is an illustration to show what stream isolation is: 


351 Whonix Documentation, Stream Isolation https://www.whonix.org/wiki/Stream_Isolation 
(Illustration from Marcelo Martins, https://stakey.club/en/decred-via-tor/) 





VPN/Proxy over Tor falls on the right side [352], meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all 
activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the 
effectiveness of Tor in some cases and should therefore be used only for some specific cases: 
- When your destination service does not allow Tor Exit nodes. 
- When you do not mind using a shared Tor circuit for various services. For instance, when using various authenticated services. 


You should however consider not using this method when your aim is just to browse various random 
unauthenticated websites, as you will not benefit from Stream Isolation and this could make correlation attacks 
easier over time for an adversary between each of your sessions (see Your Anonymized Tor/VPN traffic). If your 
goal however is to use the same identity at each session on the same authenticated services, the value of Stream 
Isolation is lessened as you can be correlated through other means. 


You should also know that Stream Isolation is not necessarily configured by default on Whonix Workstation. It is only 
pre-configured for some applications (including Tor Browser). 


Also, note that Stream Isolation does not necessarily change all the nodes in your Tor circuit. It can sometimes only 
change one or two. In many cases, Stream Isolation (for instance within the Tor Browser) will only change the relay 
(middle node) and the Exit node while keeping the same Guard (entry) node. 


More information at: 
- https://tails.boum.org/contribute/design/stream_isolation/ 
- https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table 

352 Whonix Documentation, Tunnels Comparison Table, https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table 


Tor over VPN: 
You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, I would not 
necessarily recommend it: 

- Disadvantages: 
   - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if required. We do not trust them. I prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity. 
   - This would result in you connecting to various services using the IP of a Tor Exit Node which is banned/flagged in many places. It does not help in terms of convenience. 

- Advantages: 
   - The main advantage is that if you are in a hostile environment where Tor access is impossible/dangerous/suspicious, but VPN is okay. 
   - This method also does not break Tor Stream Isolation. 
   - This also hides your Tor activity from your main ISP. 


Note, if you are having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges. 
See Appendix X: Using Tor bridges in hostile environments. 


It is also possible to consider VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) using two cash/Monero 
paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix 
will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see 
https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor). 


This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere 
for achieving reasonable anonymity. 


Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must 
connect to the first VPN from the Host OS and follow the route. 


Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can 
and so why not. This method will not lower your security/privacy/anonymity. 


VPN only: 
This route will not be explained nor recommended. 


If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an 
anonymous VPN over Tor to get the preferred solution. 


Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. One of the 
VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the 
second one will still know you were using that other first VPN service. This will only slightly delay your de- 
anonymization. Yes, it is an added layer ... but it is a persistent centralized added layer, and you can be de- 
anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests. 


For more info, please see the following references: 

- https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services#Tor_and_VPN_Services_Comparison 
- https://www.whonix.org/wiki/Why_does_Whonix_use_Tor 
- https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study 
- https://gist.github.com/joepie91/5a9909939e6ce7d09e29#file-vpn-md 
- https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html 

In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should 
use it if you can. 


No VPN/Tor: 
If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and 
control are extremely high. 


Just do not, it is not worth it and too risky IMHO. You can be de-anonymized almost instantly by any motivated 
adversary that could get to your physical location in a matter of minutes. 


Do not forget to check back on Adversaries (threats) and Appendix S: Check your network for 
surveillance/censorship using OONI. 


If you have absolutely no other option and still want to do something, see Appendix P: Accessing the internet as 
safely as possible when Tor/VPN is not an option (at your own risk) and consider The Tails route instead. 


Conclusion: 

Connection Type                    | Anonymity | Ease of access to online resources | Tor Stream Isolation | Safer where Tor is suspicious/dangerous | Speed  | Cost          | Recommended 
-----------------------------------|-----------|------------------------------------|----------------------|-----------------------------------------|--------|---------------|--------------------------------------------- 
Tor Alone                          | Good      | Medium                             | Possible             | No                                      | Medium | Free          | Yes 
Tor over VPN                       | Good+     | Medium                             | Possible             | Yes                                     | Medium | Around 50€/y  | If needed (Tor inaccessible) 
Tor over VPN over Tor              | Best      | Medium                             | Possible             | Yes                                     | Poor   | Around 50€/y  | Yes 
VPN over Tor                       | Good-     | Good                               | No                   | No                                      | Medium | Around 50€/y  | If needed (convenience) 
Self-Hosted VPS VPN/Proxy over Tor | Good-     | Very Good                          | No                   | Yes                                     | Medium | Around 50€/y  | If needed (convenience) 
VPN/Proxy over Tor over VPN        | Good-     | Good                               | No                   | Yes                                     | Poor   | Around 100€/y | If needed (convenience and Tor inaccessible) 
VPN/Proxy Alone                    | Bad       | Good                               | N/A                  | Yes                                     | Good   | Around 50€/y  | No 
No Tor and VPN (Antenna)           | Bad       | Unknown                            | N/A                  | No                                      | Good   | Around 100€   | No 

Unfortunately, using Tor alone will raise the suspicion of many destination platforms. You will face many hurdles 
(captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in 
trouble just for that. But Tor is still the best solution for anonymity and must be somewhere for anonymity. 


- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, I recommend the VPN over Tor and VPS VPN/Proxy over Tor options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream Isolation but provides much better convenience in accessing online resources than just using Tor. It is an “acceptable” trade-off IMHO if you are careful enough with your identity. 

   - Note: It is becoming more common that mainstream services and CDNs are also blocking or hindering VPN users with captchas and other various obstacles. In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution, as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles. Consider a self-hosted VPN/Proxy on a Monero/cash-paid VPS (for users more familiar with Linux) if you want the least amount of issues (this will be explained in more detail in the next section). 

- If your intent however is just to browse random services anonymously without creating specific shared identities, using Tor-friendly services, or if you do not want to accept the trade-off of the earlier option, then I recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to). 

- If cost is an issue, I recommend the Tor Only option if possible. 

- If both Tor and VPN access are impossible or dangerous, then you have no choice but to rely on public Wi-Fi safely. See Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option. 


For more information, you can also see the discussions here that could help you decide for yourself: 
- Tor Project: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN 
- Tails Documentation: 
   - https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/ 
   - https://tails.boum.org/support/faq/index.en.html#index20h2 
- Whonix Documentation (in this order): 
   - https://www.whonix.org/wiki/Tunnels/Introduction 
   - https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN 
   - https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor 
- Some papers on the matter: 
   - https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study 


Getting an anonymous VPN/Proxy: 
Skip this step if you want to use Tor only. 


See Appendix O: Getting an anonymous VPN/Proxy 


Whonix: 
Skip this step if you cannot use Tor. 


This route will use Virtualization and Whonix [353] as part of the anonymization process. Whonix is a Linux distribution 
composed of two Virtual Machines: 
- The Whonix Workstation (this is a VM where you can conduct sensitive activities) 
- The Whonix Gateway (this VM will establish a connection to the Tor network and route all the network traffic from the Workstation through the Tor network). 


This guide will therefore propose two flavors of this route: 
- The Whonix only route where all traffic is routed through the Tor Network (Tor Only or Tor over VPN). 


353 Wikipedia, Whonix https://en.wikipedia.org/wiki/Whonix 

[Illustration of the Whonix only route: Normal or VPN Connection (Randomized Mac Address, Telemetry Blocked, Unused); Isolated Whonix Network; Connection over Tor (Stream Isolation Possible); Windows 10/Whonix Workstation/Linux/MacOS VM (Anonymous Activities)] 





- A Whonix hybrid route where all traffic is routed through a cash (preferred)/Monero paid VPN over the Tor Network (VPN over Tor or VPN over Tor over VPN). 


[Illustration of the Whonix hybrid route: Normal or VPN Connection (Randomized Mac Address, Telemetry Blocked, Unused); Cash-Paid VPN Connection over Tor (Warning: No Stream Isolation in Effect); Windows 10/Whonix Workstation/MacOS/Linux VM (Anonymous Activities)] 








You will be able to decide which flavor to use based on my recommendations. I recommend the second one as 
explained before. 


Whonix is well maintained and has extensive and incredibly detailed documentation. 


Later, you will create and run several Virtual Machines within Virtualbox for your sensitive activities. Virtualbox 
provides a feature called “Snapshots” [354] that allows for saving the state of a VM at any point in time. If for any reason 
later you want to go back to that state, you can restore that snapshot at any moment. 


I strongly recommend that you do make use of this feature by creating a snapshot after the initial 
installation/update of each VM. This snapshot should be done before its use for any sensitive/anonymous activity. 





354 Oracle Virtualbox Manual, Snapshots https:/ 
This will allow you to turn your VMs into a kind of disposable “Live Operating Systems” (like Tails discussed earlier). 
Meaning that you will be able to erase all the traces of your activities within a VM by restoring a Snapshot to an 
earlier state. Of course, this will not be “as good” as Tails (where everything is stored in memory) as there might be 
traces of this activity left on your hard disk. Forensics studies have shown the ability to recover data from a reverted 
VM [355]. Fortunately, there will be ways to remove those traces after the deletion or reverting to an earlier snapshot. 
Such techniques will be discussed in the Some additional measures against forensics section of this guide. 


Download Virtualbox and Whonix utilities: 
You should download a few things within the host OS: 
- The latest version of the Virtualbox installer according to your Host OS: https://www.virtualbox.org/wiki/Downloads 
- (Skip this if you cannot use Tor natively or through a VPN) The latest Whonix OVA file from https://www.whonix.org/wiki/Download according to your preference (Linux/Windows, with a Desktop interface XFCE for simplicity or only with the text-client for advanced users) 


This will conclude the preparations and you should now be ready to start setting up the final environment that will 
protect your anonymity online. 


Virtualbox Hardening recommendations: 
For ideal security, you should follow the recommendations provided here for each Virtualbox Virtual Machine 
https://www.whonix.org/wiki/Virtualization_Platform_Security#VirtualBox_Hardening : 
- Disable Audio. 
- Do not enable Shared Folders. 
- Do not enable 2D acceleration. This one is done running the following command: VBoxManage modifyvm "vm-id" --accelerate2dvideo on|off 
- Do not enable 3D acceleration. 
- Do not enable the Serial Port. 
- Remove the Floppy drive. 
- Remove the CD/DVD drive. 
- Do not enable the Remote Display server. 
- Enable PAE/NX (NX is a security feature). 
- Disable Advanced Configuration and Power Interface (ACPI). This one is done running the following command: VBoxManage modifyvm "vm-id" --acpi on|off 
- Do not attach USB devices. 
- Disable the USB controller which is enabled by default. Set the Pointing Device to "PS/2 Mouse" or changes will revert. 


Finally, also follow this recommendation to desync the clock of your VM compared to your host OS: 
https://www.whonix.org/wiki/Network_Time_Synchronization#Spoof_the_Initial_Virtual_Hardware_Clock_Offset 


This offset should be within a 60000-millisecond range and should be different for each VM. Here are some 
examples (which can be later applied to any VM): 

- VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset -35017 
- VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset +27931 
- VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset -35017 
- VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset +27931 


Also, consider applying these mitigations from VirtualBox to mitigate Spectre [356]/Meltdown [357] vulnerabilities by 
running the commands from the VirtualBox program directory. All of these are described here: 
https://www.whonix.org/wiki/Spectre_Meltdown (be aware these can impact severely the performance of 
your VMs but should be done for best security). 


Finally, consider the security advice from Virtualbox themselves here https://www.virtualbox.org/manual/ch13.html 

355 Utica College, FORENSIC RECOVERY OF EVIDENCE FROM DELETED ORACLE VIRTUALBOX VIRTUAL MACHINES 
https://web.archive.org/web/https://programs.online.utica.edu/sites/default/files/Neal_6 Gonnella_Forensic_Recovery_of_Evidence_from_Deleted_Oracle_VirtualBox_Virtual_Machine.pdf 
356 Wikipedia, Spectre https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) 
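As an added example (not code from the guide, nor from Whonix or Oracle), the following POSIX shell script turns the hardening checklist above into something you can verify: it reads the output of VBoxManage showvminfo --machinereadable and reports every setting that deviates from the list, draws a BIOS clock offset inside the 60000-millisecond window mentioned above, and prints (or, with APPLY=1, runs) the VBoxManage modifyvm commands. It assumes VirtualBox 6.1 option and key names (for instance --audio none and the acpi/usb/uart1 keys); the function names are mine, and the two showvminfo outputs embedded in it are constructed samples, not captured from a real machine.

```shell
#!/bin/sh
# Added example, not from the guide, Whonix or Oracle: audit a VirtualBox VM
# against the hardening list above and emit the VBoxManage commands to apply it.
# Assumptions: VirtualBox 6.1 option names (e.g. "--audio none"); the key names
# are those printed by "VBoxManage showvminfo <vm> --machinereadable".

# Expected key=value pairs after hardening (one per line).
hardening_expectations() {
    cat <<'EOF'
acpi="off"
pae="on"
usb="off"
accelerate3d="off"
accelerate2dvideo="off"
vrde="off"
uart1="off"
EOF
}

# audit_vm_settings: reads machinereadable output on stdin, reports each
# deviation on stderr and prints the number of deviations on stdout (0 = hardened).
audit_vm_settings() {
    info=$(cat)
    findings=0
    while IFS= read -r expected; do
        key=${expected%%=*}
        actual=$(printf '%s\n' "$info" | grep "^${key}=" | head -n 1)
        if [ -z "$actual" ]; then
            echo "MISSING  $key is not reported" >&2
            findings=$((findings + 1))
        elif [ "$actual" != "$expected" ]; then
            echo "DEVIATES $actual (want $expected)" >&2
            findings=$((findings + 1))
        fi
    done <<EOF
$(hardening_expectations)
EOF
    # Audio must be off; VirtualBox reports the driver as "none" (or "null").
    audio=$(printf '%s\n' "$info" | grep '^audio=' | head -n 1)
    case "$audio" in
        'audio="none"'|'audio="null"') ;;
        *) echo "DEVIATES ${audio:-audio missing} (want audio=\"none\")" >&2
           findings=$((findings + 1)) ;;
    esac
    # Any shared folder shows up as SharedFolderNameMachineMapping<N>.
    if printf '%s\n' "$info" | grep -q '^SharedFolderNameMachineMapping'; then
        echo "DEVIATES shared folder configured (want none)" >&2
        findings=$((findings + 1))
    fi
    echo "$findings"
}

# random_clock_offset: BIOS clock offset in milliseconds, never zero and inside
# the +/-60000 ms window recommended above (POSIX sh has no $RANDOM, so /dev/urandom).
random_clock_offset() {
    raw=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    magnitude=$(( raw % 59000 + 1000 ))       # 1000 .. 59999
    if [ $(( raw % 2 )) -eq 0 ]; then
        echo "-$magnitude"
    else
        echo "$magnitude"
    fi
}

# harden_vm <vm-name> [offset-ms]: print the VBoxManage commands (dry run);
# set APPLY=1 in the environment to execute them instead.
harden_vm() {
    vm=$1
    offset=${2:-$(random_clock_offset)}
    run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi; }
    run VBoxManage modifyvm "$vm" --audio none
    run VBoxManage modifyvm "$vm" --accelerate2dvideo off --accelerate3d off
    run VBoxManage modifyvm "$vm" --uart1 off            # no serial port
    run VBoxManage modifyvm "$vm" --vrde off             # no remote display server
    run VBoxManage modifyvm "$vm" --pae on               # PAE/NX
    run VBoxManage modifyvm "$vm" --acpi off
    run VBoxManage modifyvm "$vm" --usb off --mouse ps2  # PS/2 mouse so the USB change sticks
    run VBoxManage modifyvm "$vm" --biossystemtimeoffset "$offset"
    # Spectre/Meltdown related switches described on the Whonix page cited above.
    run VBoxManage modifyvm "$vm" --spec-ctrl on --l1d-flush-on-sched on
    # Shared folders, floppy and CD/DVD removal are left to the GUI steps above.
}

# Constructed sample output (not captured from a real machine) for a VM that
# still has its defaults, and for the same VM after hardening.
SAMPLE_UNHARDENED='name="Example-Workstation"
acpi="on"
pae="on"
usb="on"
audio="pulse"
accelerate3d="off"
accelerate2dvideo="off"
vrde="off"
uart1="off"
SharedFolderNameMachineMapping1="shared"
SharedFolderPathMachineMapping1="/home/user/shared"'

SAMPLE_HARDENED='name="Example-Workstation"
acpi="off"
pae="on"
usb="off"
audio="none"
accelerate3d="off"
accelerate2dvideo="off"
vrde="off"
uart1="off"'

# Usage: sh harden_vm.sh <vm-name> prints the commands; APPLY=1 runs them.
if [ -n "${1:-}" ]; then
    harden_vm "$1"
fi
```

To audit a real machine, pipe VBoxManage showvminfo "vm-name" --machinereadable into audit_vm_settings; a non-zero count lists exactly which of the settings above still needs attention, which is a quick check to repeat after every VirtualBox upgrade, since some settings (the USB controller in particular) are known to revert.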


Tor over VPN: 
Skip this step if you do not intend to use Tor over VPN and only intend to use Tor, or cannot. 


If you intend to use Tor over VPN for any reason. You first must configure a VPN service on your host OS. 


Remember that in this case, I recommend having two VPN accounts, both paid with cash/Monero (see Appendix O: 
Getting an anonymous VPN/Proxy). One will be used in the Host OS for the first VPN connection. The other could be 
used in the VM to achieve VPN over Tor over VPN (User > VPN > Tor > VPN). 


If you intend to only use Tor over VPN, you only need one VPN account. 
See Appendix R: Installing a VPN on your VM or Host OS for instructions. 


Whonix Virtual Machines: 
Skip this step if you cannot use Tor. 


- Start Virtualbox on your Host OS. 
- Import the Whonix file into Virtualbox following the instructions on https://www.whonix.org/wiki/VirtualBox/XFCE 
- Start the Whonix VMs 


Remember at this stage that if you are having issues connecting to Tor due to censorship or blocking, you should 
consider connecting using Bridges as explained in this tutorial: https://www.whonix.org/wiki/Bridges 


- Update the Whonix VMs by following the instructions on https://www.whonix.org/wiki/Operating_System_Software_and_Updates#Updates 
- Shutdown the Whonix VMs 
- Take a snapshot of the updated Whonix VMs within Virtualbox (select a VM and click the Take Snapshot button). More on that later. 
- Go to the next step 


Important Note: You should also read these very good recommendations over there https://www.whonix.org/wiki/DoNot 
as most of those principles will also apply to this guide. You should also read their general documentation here 
https://www.whonix.org/wiki/Documentation which will also provide tons of advice like this guide. 


Pick your guest workstation Virtual Machine: 

Using Whonix/Linux will require more skills on your side as these are Linux distributions. You will also encounter 
more difficulties if you intend to use specific software that might be harder to use on Whonix/Linux. Setting up a 
VPN on the Workstation will also be more complicated than on Windows. 


If you can use Tor: 

You can decide if you prefer to conduct your sensitive activities from the Whonix Workstation provided in the earlier 
section (highly recommended) or from a Custom VM that will use the Whonix Gateway like the Whonix Workstation 
(less secure but might be required depending on what you intend to do). 


If you cannot use Tor: 

If you cannot use Tor, you can use a Custom VM of your choice that will ideally use an anonymous VPN, if possible, 
to then connect to the Tor network. Or you could go with the risky route: See Appendix P: Accessing the internet as 
safely as possible when Tor and VPNs are not an option 


357 Wikipedia, Meltdown https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability) 

Linux Virtual Machine (Whonix or Linux): 


Whonix Workstation (recommended and preferred): 
Skip this step if you cannot use Tor. 


Just use the provided Whonix Workstation VM. It is the safest and most secure way to go on this route. 
It is also the only VM that will provide Stream Isolation pre-configured for most apps by default [358]. 


If you want additional software on the Workstation (such as another Browser), follow their guide here 
https://www.whonix.org/wiki/Install_Software 


Consider running Whonix in Live Mode for extra malware protection. See https://www.whonix.org/wiki/Anti-Forensics_Precautions 


Do not forget to apply the VM hardening recommendations here: Virtualbox Hardening recommendations. 


Consider using AppArmor on your Whonix Workstations by following this guide: 
https://www.whonix.org/wiki/AppArmor 


Linux (any distro): 

Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, 
screen resolution, or other) could be used to fingerprint your VMs later. See 
https://www.whonix.org/wiki/VM_Fingerprinting 


If you can use Tor (natively or over a VPN): 
Use the Linux Distro of your choice. I would recommend Ubuntu or Fedora for convenience but any other would 
work too. Be sure to not enable any telemetry. 


Refer to this tutorial https://www.whonix.org/wiki/Other_Operating_Systems for detailed instructions. 
Consider hardening the VM as recommended in Hardening Linux. 


If you cannot use Tor: 

Use the Linux Distro of your choice. I would recommend Ubuntu or Fedora for convenience but any other would 
work too. Be sure to not enable any telemetry. You could go with the risky route: See Appendix P: Accessing the 
internet as safely as possible when Tor and VPNs are not an option. 


Choose a browser within the VM: 
This time, I will recommend Brave browser. 


See why here: Appendix V: What browser to use in your Guest VM/Disposable VM 
See Appendix V1: Hardening your Browsers as well. 


Windows 10 Virtual Machine: 

Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, 
screen resolution, or other) could be used to fingerprint your VMs later. See 
https://www.whonix.org/wiki/VM_Fingerprinting 


Choose a Windows 10 build: 
Go with the Official Windows 10 Pro VM and harden it yourself: see Appendix C: Windows Installation Media 
Creation and go with the ISO route. 


There is also another option you might hear about which is Windows AME (Ameliorated) from the 
https://ameliorated.info/ project, which is a special Windows 10 build stripped from all 
telemetry/advertising and update components. I do not recommend this option due to the insecure nature of that 
release lacking the latest updates/patches and lacking the ability to update completely. I do believe the project's 
general idea is good, but it is just too insecure/risky and contains unnecessary software picked by the dev. 


358 Whonix Documentation, Stream Isolation, By Settings https://www.whonix.org/wiki/Stream_Isolation#By_Settings 

If you can use Tor (natively or over a VPN): 
Refer to this tutorial https://www.whonix.org/wiki/Other_Operating_Systems for detailed instructions. 


Install: 

- Shut down the Whonix Gateway VM (this will prevent Windows from sending out telemetry and allow you to create a local account). 
-  Open Virtualbox 
- Select Machine > New > Select Windows 10 64bit 
- Allocate a minimum amount of 2048MB but ideally 4096MB if your RAM allows it 
- Create a Virtual Disk using the VDI format and select Dynamically Allocated 
- Keep the disk size at 50GB (this is a maximum; it should not reach that much) 
- Select the VM and click Settings, go into the Network Tab 
- Select “Internal Network” in the “Attached to” field and select Whonix. 
- Go into the Storage Tab, select the Empty CD and click the icon next to SATA Port 1 
- Click on “Choose a disk file” and select the Windows ISO you previously downloaded 
- Click OK and start the VM 
- Virtualbox will prompt you to select a Starting disk (the ISO file), select it, and click Start 
- Follow the steps in Appendix A: Windows Installation 
- Start the Whonix Gateway VM 


Network Settings: 

- Go back into Settings then Network & Internet 
- Click Properties (below Ethernet) 
- Edit IP settings: 
- Enable IPv4 and set the following: 
   - IP address 10.152.152.50 (increase this IP by one for any other VM) 
   - Subnet prefix length 18 (255.255.192.0) 
   - Gateway 10.152.152.10 (this is the Whonix Gateway) 
   - DNS 10.152.152.10 (this is again the Whonix Gateway) 
   - Save 
- Windows might prompt you if you want to be “discoverable” on this network. Click NO. 


Every time you will power on this VM in the future, make sure you change its Ethernet Mac Address before each 
boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC 
address. You can only do this while the VM is powered off. 


If you cannot use Tor: 
See Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option 


Install: 

- Open Virtualbox 
- Select Machine > New > Select Windows 10 64bit 
- Allocate a minimum amount of 2048MB but ideally 4096MB if your RAM allows it 
- Create a Virtual Disk using the VDI format and select Dynamically Allocated 
- Keep the disk size at 50GB (this is a maximum; it should not reach that much) 
- Go into the Storage Tab, select the Empty CD and click the icon next to SATA Port 1 
- Click on “Choose a disk file” and select the Windows ISO you previously downloaded 
- Click OK and start the VM 
- Virtualbox will prompt you to select a Starting disk (the ISO file), select it, and click Start 
- Follow the steps in Appendix A: Windows Installation 


Network Settings: 

- Windows might prompt you if you want to be “discoverable” on this network. Click NO. 


Every time you will power on this VM in the future, make sure you change its Ethernet MAC Address before each 
boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC 
address. You can only do this while the VM is powered off. 


Choose a browser within the VM: 
This time, I will recommend Brave browser. 


See why here: Appendix V: What browser to use in your Guest VM/Disposable VM 
See Appendix V1: Hardening your Browsers as well. 


Additional Privacy settings in Windows 10: 
See Appendix B: Windows Additional Privacy Settings 


Android Virtual Machine: 

Because sometimes you want to run mobile Apps anonymously too, you can also set up an Android VM for this 
purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network 
connectivity. But this can also be set up as VPN over Tor over VPN. 


If you can use Tor (natively or over a VPN): 
Later in the VM settings during creation, go into Network and select Internal Network, Whonix. 


Then, within Android itself: 
- Select Wi-Fi 
- Select VirtWifi to connect 
- Go into the advanced Wi-Fi properties 
- Switch from DHCP to Static 
   - IP address 10.152.152.50 (increase this IP by one for any other VM) 
   - Subnet prefix length 18 (255.255.192.0) 
   - Gateway 10.152.152.10 (this is the Whonix Gateway) 
   - DNS 10.152.152.10 (this is again the Whonix Gateway) 


If you cannot use Tor: 
Just use the tutorials as is and see Appendix P: Accessing the internet as safely as possible when Tor and VPNs are 
not an option. 


Installation: 
Two possibilities: AnBox or Android-x86 


AnBox: 
Basically, follow the tutorial here for installing AnBox on the Whonix Workstation: 
https://www.whonix.org/wiki/Anbox for running Android Applications within an AnBox VM. 


Or follow the instructions here https://anbox.io/ to install on any other VM (Linux only). 


Android-x86: 
Basically, follow the tutorial here: https://www.android-x86.org/documentation/virtualbox.html 


- Download the ISO file of your choice 
- Create a New VM. 
- Select Linux and Linux 2.6 / 3.x / 4.x 64 Bit. 
- In System: 
   - Allocate at least 2048MB (2GB) memory 
   - Uncheck the Floppy drive 
   - In the Processor Tab, select at least 1 or more CPUs 
   - Enable PAE/NX 
- In Display Settings, change the adapter to VBoxVGA 
- In Audio Settings, change to Intel HD Audio 
- Start the VM 
- Select Advanced if you want persistence, Live if you want a disposable boot (and skip the next steps). 
- Select Auto Install on Selected Hard Disk 
- Select Run Android-x86 
- Set up as you wish (disable all prompts for data collection). I recommend using the TaskBar Home. 
- Go into Settings, Android-x86 Options and disable all collections. 
- Connect to the VirtWifi Wi-Fi Network (see the above section if you are behind Whonix and want to use Tor) 


You are now done and can now install any Android app. 


macOS Virtual Machine: 
Yes, you can actually run macOS within Virtualbox (on Windows/Linux/macOS host systems) if you want to use 
macOS. You can run any version of macOS you want. 


If you can use Tor (natively or over a VPN): 
During the following tutorials, before starting the macOS VM, make sure you do put the macOS VMs on the Whonix 
Network. 

• Select the VM and click Settings, go into the Network tab
• Select "Internal Network" in the "Attached to" field and select Whonix


After downloading and running the installer, you will need to put an IP address manually to connect through the Whonix
Gateway.


Use these settings when prompted in the macOS installation process:

• IP address `10.152.152.50` (increase this IP by one for any other VM)
• Subnet prefix length `18` (`255.255.192.0`)
• Gateway `10.152.152.10` (this is the Whonix Gateway)
• DNS `10.152.152.10` (this is again the Whonix Gateway)


If you cannot use Tor:
Just use the tutorials as is and see Appendix P: Accessing the internet as safely as possible when Tor and VPNs are
not an option.


Installation:
• Windows Host OS:
  o Virtualbox Catalina Tutorial: https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/ [Archive.org]
  o Virtualbox Big Sur Tutorial: https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/ [Archive.org]
  o Virtualbox Monterey Tutorial: https://www.wikigain.com/install-macos-monterey-on-virtualbox/ [Archive.org]
• macOS Host OS:
  o Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue.
• Linux Host OS:
  o Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue.


There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial
number ID by default and you will be unable to use any Apple-provided service (iCloud, iMessage...) without a
genuine ID. You can set such IDs using this script: https://github.com/myspaghetti/macos-virtualbox [Archive.org] but
keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of
Service and could count as impersonation (and therefore could be illegal).

Note: I also ran into multiple issues with running these on AMD processors. This can be fixed so here is the
configuration I used which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an
Intel Processor instead:
• `VBoxManage modifyvm "macOSCatalina" --cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff`
• `VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBookPro15,1"`
• `VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-551B86E5744E2388"`
• `VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"`
• `VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1`
• `VBoxManage modifyvm "macOSCatalina" --cpu-profile "Intel Core i7-6700K"`
• `VBoxManage setextradata "macOSCatalina" VBoxInternal2/EfiGraphicsResolution 1920x1080`


Hardening macOS:
Refer to Hardening macOS. 


Choose a browser within the VM: 
This time, I will recommend Brave browser.


See why here: Appendix V: What browser to use in your Guest VM/Disposable VM 
See Appendix V1: Hardening your Browsers as well. 


KeePassXC:
You will need something to store your data (logins/passwords, identities, and TOTP[359] information).


For this purpose, I strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to
create entries for 2FA[360] authentication with the authenticator feature.


Remember this should ideally be installed on your Guest VM and not on your Host OS. You should never do any 
sensitive activities from your Host OS. 


Here are the tutorials:
• Tails: KeePassXC is integrated by default
• Whonix: https://www.whonix.org/wiki/Keepassxc [Archive.org]
• Linux:
  o Download from https://keepassxc.org/download/ [Archive.org]
  o Follow the tutorial here https://keepassxc.org/docs/KeePassXC_GettingStarted.html#_linux [Archive.org]
• Windows:
  o Download from https://keepassxc.org/download/ [Archive.org]
  o Follow the tutorial here https://KeePassXC.org/docs/KeePassXC_GettingStarted.html#_microsoft_windows [Archive.org]
• macOS:
  o Download from https://keepassxc.org/download/ [Archive.org]
  o Follow the tutorial here https://keepassxc.org/docs/KeePassXC_GettingStarted.html#_macos [Archive.org]


Test that KeePassXC is working before going to the next step. 


VPN client installation (cash/Monero paid):
If you decided to not use a cash-paid VPN and just want to use Tor, skip this step.


If you cannot use a VPN at all in a hostile environment, skip this step.
Otherwise, see Appendix R: Installing a VPN on your VM or Host OS to install a VPN client on your client VM.
This should conclude the Route and you should now be ready.


359 Wikipedia, TOTP https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm [Wikiless] [Archive.org]
360 Wikipedia, Multi-Factor Authentication https://en.wikipedia.org/wiki/Multi-factor_authentication [Wikiless] [Archive.org]


About VPN Client Data Mining/Leaks: 
You might be asking yourself if those VPN clients are trustworthy not to leak any information about your local 
environment to the VPN provider when using them in the “VPN over Tor” context. 


This is a valid concern but should be taken with a grain of salt. 


Remember that all VPN activities are happening from a sandboxed VM on an internal network behind a Network 
Gateway (the Whonix Gateway). It does not matter much if the VPN client leaves some identifiers on your guest VM. 
The guest VM is still sandboxed and walled-off from the Host OS. The attack surface is IMHO pretty small especially 
when using the reputable and recommended VPN providers within the guides (iVPN, Mullvad, ProtonVPN, and 
maybe Safing.io). 


At best, the VPN client would know your local IP (internal IP) and some randomized identifiers but should not be able 
to get anything from the Host OS. And in theory, the VPN client should not send any telemetry back to the VPN 
provider. If your VPN client does this or asks this, you should consider changing the provider. 


(Optional) Allowing only the VMs to access the internet while cutting off the Host OS to prevent any leak:
This step will allow you to configure your Host OS so that only the Whonix Gateway VM will have access to the
internet. This will therefore prevent any "leak" from your Host OS while letting the Whonix Gateway establish the Tor
connectivity. The other VMs (Whonix Workstation or any other VM you installed behind it) will not be affected.


There are three ways to do this: 

• The Lazy Way (not really recommended): not supported by Whonix and might have some security
implications as you will expose the Whonix Gateway VM to the public Wi-Fi network. I would recommend
against this unless you are in a hurry or very lazy.
  o This method will not work with Wi-Fi captive portals requiring any registration to connect.
• The Better Way (see further down): still not supported by Whonix but it will not expose the Whonix Gateway
VM to the public Wi-Fi network. This should keep things in check in terms of security.
• The Best Way: using an external USB Wi-Fi dongle and just disabling Wi-Fi on the Host OS/Computer.


The Lazy Way (not supported by Whonix but it will work if you are in a hurry, see further for the better way):
This way is not supported by the Whonix project[361] but I will go ahead and give this option anyway. IMHO this is
helpful to prevent your Host OS from leaking any information while you are using the Whonix VMs.


Note that this option as-is will only work on Wi-Fis without a captive portal (where you must enter some 
information to unlock access). 


The illustration below shows the result of this step:

[Illustration: Whonix Gateway; Windows 10/Whonix Workstation/Linux/MacOS VM (Anonymous Activities)]


361 Whonix Documentation, Bridged Adapters Warning https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking [Archive.org]

Configuration of the Whonix Gateway VM:

For this to work, we will need to change some configurations on the Whonix Gateway VM. We will need to add a
DHCP client to the Whonix Gateway to receive IP addresses from the network. To make those changes, the Host OS will
still have to have internet access allowed for now.


So here is how:
• Be sure to have your Host OS connected to a safe Wi-Fi.
• Through VirtualBox, start the Whonix Gateway VM
• Start a Terminal on the VM
• Install a DHCP client on the Whonix Gateway VM using the following command:
  o `sudo apt install dhcpcd5`
• Now edit the Whonix Gateway VM network configuration using the following command:
  o `sudo nano /etc/network/interfaces.d/30_non-qubes-whonix`
• Within the file change the following lines:
  o `#auto eth0` to `auto eth0`
  o `# iface eth0 inet dhcp` to `iface eth0 inet dhcp`
  o `iface eth0 inet static` to `# iface eth0 inet static`
  o `address 10.0.2.15` to `# address 10.0.2.15`
  o `netmask 255.255.255.0` to `# netmask 255.255.255.0`
  o `gateway 10.0.2.2` to `# gateway 10.0.2.2`
• Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu
• Go into the VirtualBox Application and select the Whonix Gateway VM
• Click Settings
• Click the Network Tab
• For Adapter 1, change the "Attached To" value from "NAT" to "Bridged Adapter"
• As "Name", select your Wi-Fi network adapter
• Click OK and you are done with the VM configuration part


Configuration of the Host OS: 

Now we must block internet access from your Host OS while still allowing the VM to connect. This will be done by 
connecting to Wi-Fi with the Host OS but without assigning itself an IP address. The VM will then use your Wi-fi 
association to get an IP address. 


Windows Host OS:
The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by
deleting the Gateway from the connection after you are connected:
• First, connect to the safe Wi-Fi of your choice
• Open an administrative command prompt (right click on Command Prompt and Run as Administrator)
• Run the following command: `route delete 0.0.0.0` (this deletes the Gateway from your IP configuration)
• You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
  o Note that this will reset at each disconnect/reconnection to a network, and you will have to delete
the route again. This is not permanent.
• You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi
network and should provide network to the other VMs behind it (Whonix Workstation or other).
• And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work
behind the Whonix Gateway VM) and it should be connected to the internet through Tor.


Linux Host OS:
The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by
deleting the Gateway from the connection after you are connected:
• First, connect to the safe Wi-Fi of your choice
• Open a Terminal
• Run the following command: `sudo ip route del default` (this deletes the Gateway from your IP
configuration)
• You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
  o Note that this will reset at each disconnect/reconnection to a network, and you will have to delete
the route again. This is not permanent.
• You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi
network and should provide network to the other VMs behind it (Whonix Workstation or other).
• And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work
behind the Whonix Gateway VM) and it should be connected to the internet through Tor.


macOS Host OS:
The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by
deleting the Gateway from the connection after you are connected:
• First, connect to the safe Wi-Fi of your choice
• Open a Terminal
• Run the following command: `sudo route delete default` (this deletes the Gateway from your IP
configuration)
• You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
  o Note that this will reset at each disconnect/reconnection to a network, and you will have to delete
the route again. This is not permanent.
• You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi
network and should provide network to the other VMs behind it (Whonix Workstation or other).
• And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work
behind the Whonix Gateway VM) and it should be connected to the internet through Tor.


The Better Way (recommended): 

This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) 
and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive 
Portal where you need to enter some information to access the internet. 


Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is 
to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here. 


This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge. 


For this purpose, I will recommend the use of a lightweight Linux distro. Any will do but the easiest IMHO will be an
Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this
setup.

Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is
lightweight and this VM will only serve as a proxy and nothing else.

Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu.


This is how it will look at the end:

[Illustration: Windows 10/Whonix Workstation/Linux/MacOS VM (Anonymous Activities)]

Installing XUbuntu VM:
Make sure you are connected to a safe Wi-Fi for this operation.


First, you will need to download the latest XUbuntu stable release ISO from https://xubuntu.org/download/


When you are done with the download, it is time to create a new VM:
• Start VirtualBox Manager
• Create a new VM and name it as you want, for example, "XUbuntu Bridge"
• Select type "Linux"
• Select Version "Ubuntu (64-bit)"
• Leave the options to default and click Create
• On the next screen, leave the default options and click Create
• Select the newly created VM and click Settings
• Select Network
• For Adapter 1, attach it to "Bridged Adapter" mode and pick your Wi-Fi adapter in the "Name" field
• Select Adapter 2 and enable it
• Attach it to "Internal Network" and name it "XUbuntu Bridge"
• Select Storage
• Select the Empty CD drive
• On the right side, click the CD icon and select "Choose a disk file"
• Select the ISO of XUbuntu you previously downloaded and click OK
• Start the VM
• Select Start XUbuntu
• Select Install XUbuntu
• Pick your Keyboard Layout and click Continue
• Select Minimal Installation and Download Updates while installing XUbuntu
• Select Erase Disk and install XUbuntu and click Install Now
• Select the Time Zone of your choice and click Continue
• Pick some random names unrelated to you (my favorite username is "NoSuchAccount")
• Pick a password and require a password to login
• Click Continue and wait for the install to finish and Restart
• When you are done rebooting, log in
• Click the upper right connection icon (it looks like two rotating spheres)
• Click Edit Connections
• Select Wired Connection 2 (Adapter 2 previously configured in VirtualBox settings)
• Select the IPv4 tab
• Change the Method to "Shared to other computers" and click Save
• You are now done setting up the XUbuntu Bridge VM


Configuring the Whonix Gateway VM:
By default, the Whonix Gateway has no DHCP client and will require one to get an IP from the shared network you
configured earlier:
• Through VirtualBox, start the Whonix Gateway VM
• Start a Terminal on the VM
• Install a DHCP client on the Whonix Gateway VM using the following command:
  o `sudo apt install dhcpcd5`
• Now edit the Whonix Gateway VM network configuration using the following command:
  o `sudo nano /etc/network/interfaces.d/30_non-qubes-whonix`
• Within the file change the following lines:
  o `#auto eth0` to `auto eth0`
  o `# iface eth0 inet dhcp` to `iface eth0 inet dhcp`
  o `iface eth0 inet static` to `# iface eth0 inet static`
  o `address 10.0.2.15` to `# address 10.0.2.15`
  o `netmask 255.255.255.0` to `# netmask 255.255.255.0`
  o `gateway 10.0.2.2` to `# gateway 10.0.2.2`
• Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu
• Go into the VirtualBox Application and select the Whonix Gateway VM
• Click Settings
• Click the Network Tab
• For Adapter 1, change the "Attached To" value from "NAT" to "Internal Network"
• As "Name", select the internal network "XUbuntu Bridge" you created earlier and click OK
• Reboot the Whonix Gateway VM
• From the upper left menu, select System, Tor Control Panel, and check that you are connected (you should be)
• You are done configuring the Whonix Gateway VM


Configuration of the Host OS: 

Now we must block internet access from your Host OS while still allowing the XUbuntu Bridge VM to connect. This 
will be done by connecting to Wi-Fi with the Host OS but without assigning itself a gateway address. The VM will 
then use your Wi-fi association to get an IP address. 


If necessary, from the XUbuntu Bridge VM, you will be able to launch a Browser to enter information into any 
captive/registration portal on the Wi-Fi network. 


Only the XUbuntu Bridge VM should be able to access the internet. The Host OS will be limited to local traffic only. 


Windows Host OS:
The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by
deleting the Gateway from the connection after you are connected:
• First, connect to the safe Wi-Fi of your choice
• Open an administrative command prompt (right click on Command Prompt and Run as Administrator)
• Run the following command: `route delete 0.0.0.0` (this deletes the Gateway from your IP configuration)
• You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
  o Note that this will reset at each disconnect/reconnection to a network, and you will have to delete
the route again. This is not permanent.
• You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi
network and should provide network to the other VMs behind it (Whonix Workstation or other).
• If necessary, you can use the XUbuntu Bridge VM browser to fill in any information on any
captive/registration portal to access the Wi-Fi.
• After that, you can start the Whonix Gateway VM which should obtain the internet connection from the
XUbuntu Bridge VM.
• And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work
behind the Whonix Gateway VM) and it should be connected to the internet through Tor.


Linux Host OS:
The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by
deleting the Gateway from the connection after you are connected:
• First, connect to the safe Wi-Fi of your choice
• Open a Terminal
• Run the following command: `sudo ip route del default` (this deletes the Gateway from your IP
configuration)
• You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
  o Note that this will reset at each disconnect/reconnection to a network, and you will have to delete
the route again. This is not permanent.
• You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi
network and should provide network to the other VMs behind it (Whonix Workstation or other).
• If necessary, you can use the XUbuntu Bridge VM browser to fill in any information on any
captive/registration portal to access the Wi-Fi.
• After that, you can start the Whonix Gateway VM which should obtain the internet connection from the
XUbuntu Bridge VM.
• And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work
behind the Whonix Gateway VM) and it should be connected to the internet through Tor.


macOS Host OS:
The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by
deleting the Gateway from the connection after you are connected:
• First, connect to the safe Wi-Fi of your choice
• Open a Terminal
• Run the following command: `sudo route delete default` (this deletes the Gateway from your IP
configuration)
• You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
  o Note that this will reset at each disconnect/reconnection to a network, and you will have to delete
the route again. This is not permanent.
• You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi
network and should provide network to the other VMs behind it (Whonix Workstation or other).
• If necessary, you can use the XUbuntu Bridge VM browser to fill in any information on any
captive/registration portal to access the Wi-Fi.
• After that, you can start the Whonix Gateway VM which should obtain the internet connection from the
XUbuntu Bridge VM.
• And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work
behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
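The Linux host step above (used by both the Lazy Way and the Better Way), as an added example that is not the guide's own code: it removes the default route, also the IPv6 default that `ip route del default` alone leaves behind when the access point sends router advertisements, checks the routing table afterwards, and optionally makes the cut survive reconnects. The routing tables in it are constructed samples; `host_never_default` assumes the host uses NetworkManager and takes the connection profile name as a parameter.

```shell
#!/bin/sh
# Added example (not part of the guide): cut a Linux host off the internet while
# it stays associated to the Wi-Fi, then verify the cut. Assumes iproute2; the
# nmcli helper assumes NetworkManager and is optional.

# Does a routing table (the text of `ip route show`, passed in so it can be
# checked offline) contain a default route? Matches "default via ..." as well
# as "default dev ...".
route_table_has_default() {
    printf '%s\n' "$1" | grep -Eq '^default([[:space:]]|$)'
}

# Print the routes that could still carry traffic past the local segment:
# everything that is neither the default route nor a directly connected
# ("scope link") prefix. Prints nothing for a table that is link-only.
route_table_nonlocal() {
    printf '%s\n' "$1" | awk 'NF && $1 != "default" && !/ scope link( |$)/'
}

# Remove every default route, IPv4 and IPv6 (several may exist with different
# metrics, hence the loops). Needs root.
host_cut_from_internet() {
    while ip -4 route show default | grep -q .; do
        ip -4 route del default || return 1
    done
    # An IPv6 router advertisement installs a default route silently;
    # `sudo ip route del default` on its own leaves that path open.
    while ip -6 route show default | grep -q .; do
        ip -6 route del default || return 1
    done
}

# Returns 0 when the live host has no default route in either family and no
# other off-link IPv4 route (a leftover static or VPN route shows up here).
host_is_isolated() {
    v4=$(ip -4 route show) || return 1
    v6=$(ip -6 route show) || return 1
    route_table_has_default "$v4" && return 1
    route_table_has_default "$v6" && return 1
    [ -z "$(route_table_nonlocal "$v4")" ]
}

# Optional: keep the host from ever taking a default route on this profile,
# so the cut survives the reconnects the guide warns about. $1 is the
# NetworkManager connection name (assumed); applies on the next activation.
host_never_default() {
    nmcli connection modify "$1" ipv4.never-default yes ipv6.never-default yes
}

# Constructed sample tables (what `ip -4 route show` might print on a laptop).
SAMPLE_BEFORE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600'
SAMPLE_AFTER='192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
10.8.0.0/16 via 192.168.1.254 dev wlan0'

if route_table_has_default "$SAMPLE_BEFORE"; then
    echo "before: default route present, the host can reach the internet"
fi
if ! route_table_has_default "$SAMPLE_AFTER"; then
    echo "after: no default route; off-link routes still worth a look:"
    route_table_nonlocal "$SAMPLE_AFTER"
fi
```

On a real host, run `host_cut_from_internet` as root and then `host_is_isolated` before starting the Whonix Gateway or XUbuntu Bridge VM.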


The best way: 

This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) 
and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive 
Portal where you need to enter some information to access the internet. Yet this will still not be supported by the 
Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM
exposed to the Host Network, and it will not be the case here. This option is the best because the network will be
completely disabled on the Host OS from booting up.


This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge 
and to connect to the Wi-Fi network. This option requires a working USB Wi-Fi Dongle that will be passed through 
to a bridge VM. 


For this purpose, I will recommend the use of a lightweight Linux distro. Any will do but the easiest IMHO will be an
Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this
setup.


Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is 
lightweight and this VM will only serve as a proxy and nothing else. 


Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu. 


This is how it will look at the end:

[Illustration: Public Wi-Fi Internet; Isolated Whonix Network; Connection Allowed (With or Without VPN over Tor); Windows 10/Whonix Workstation/Linux/MacOS VM (Anonymous Activities)]
• Disable networking on your Host OS completely (turn off the on-board Wi-Fi completely)
• Plug in and install your USB Wi-Fi dongle. Connect it to a safe public Wi-Fi. This should be easy and
automatically installed by any recent OS (Windows 10, macOS, Linux).


By default, the Whonix Gateway has no DHCP client and will require one to get an IP from the shared network you will
configure later, on a Bridge VM:
• Through VirtualBox, start the Whonix Gateway VM
• Start a Terminal on the VM
• Install a DHCP client on the Whonix Gateway VM using the following command:
  o `sudo apt install dhcpcd5`
• Now edit the Whonix Gateway VM network configuration using the following command:
  o `sudo nano /etc/network/interfaces.d/30_non-qubes-whonix`
• Within the file change the following lines:
  o `#auto eth0` to `auto eth0`
  o `# iface eth0 inet dhcp` to `iface eth0 inet dhcp`
  o `iface eth0 inet static` to `# iface eth0 inet static`
  o `address 10.0.2.15` to `# address 10.0.2.15`
  o `netmask 255.255.255.0` to `# netmask 255.255.255.0`
  o `gateway 10.0.2.2` to `# gateway 10.0.2.2`
• Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu
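The six line edits above are the same in all three variants of this section (Lazy Way, Better Way, Best Way). As an added example that is not the guide's own code, here they are applied with sed and then checked, so that a slip in the editor cannot leave eth0 with both a live static stanza and a DHCP one. It assumes the stock layout of `30_non-qubes-whonix`; the sample file content is constructed from the lines listed above.

```shell
#!/bin/sh
# Added example (not part of the guide): switch the Whonix Gateway's eth0 from
# the static NAT address to DHCP by applying the six edits described above, then
# check the result. Assumes the stock /etc/network/interfaces.d/30_non-qubes-whonix
# layout; run it as root on the Gateway, or on a copy of the file as the demo does.

# Apply the documented edits to the file given as $1 (a .bak copy is kept).
# Every substitution is anchored to a whole line, so re-running is harmless.
whonix_gw_switch_to_dhcp() {
    f=$1
    cp "$f" "$f.bak" || return 1
    sed -E \
        -e 's/^#[[:space:]]*(auto[[:space:]]+eth0)[[:space:]]*$/\1/' \
        -e 's/^#[[:space:]]*(iface[[:space:]]+eth0[[:space:]]+inet[[:space:]]+dhcp)[[:space:]]*$/\1/' \
        -e 's/^([[:space:]]*)(iface[[:space:]]+eth0[[:space:]]+inet[[:space:]]+static)[[:space:]]*$/\1# \2/' \
        -e 's/^([[:space:]]*)(address[[:space:]]+10\.0\.2\.15)[[:space:]]*$/\1# \2/' \
        -e 's/^([[:space:]]*)(netmask[[:space:]]+255\.255\.255\.0)[[:space:]]*$/\1# \2/' \
        -e 's/^([[:space:]]*)(gateway[[:space:]]+10\.0\.2\.2)[[:space:]]*$/\1# \2/' \
        "$f.bak" > "$f"
}

# Returns 0 when the file says exactly what the guide wants: eth0 brought up
# automatically, configured by DHCP, and no live static stanza left behind.
whonix_gw_dhcp_config_ok() {
    f=$1
    grep -Eq '^[[:space:]]*auto[[:space:]]+eth0[[:space:]]*$' "$f" || return 1
    grep -Eq '^[[:space:]]*iface[[:space:]]+eth0[[:space:]]+inet[[:space:]]+dhcp[[:space:]]*$' "$f" || return 1
    # Any uncommented static line means two stanzas compete for eth0.
    if grep -Eq '^[[:space:]]*(iface[[:space:]]+eth0[[:space:]]+inet[[:space:]]+static|address|netmask|gateway)([[:space:]]|$)' "$f"; then
        return 1
    fi
    return 0
}

# Constructed sample: the relevant lines of the stock file, comments omitted.
SAMPLE_INTERFACES='#auto eth0
# iface eth0 inet dhcp
iface eth0 inet static
    address 10.0.2.15
    netmask 255.255.255.0
    gateway 10.0.2.2'

# Offline demo on a temporary copy; nothing on the running system is touched.
demo_on_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_INTERFACES" > "$tmp"
    whonix_gw_switch_to_dhcp "$tmp" || return 1
    whonix_gw_dhcp_config_ok "$tmp"
    rc=$?
    rm -f "$tmp" "$tmp.bak"
    return $rc
}

if demo_on_sample; then
    echo "sample file switched to DHCP cleanly"
else
    echo "edit did not produce a clean DHCP configuration" >&2
fi
```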


Installing XUbuntu VM:
Make sure you are connected to a safe Wi-Fi for this operation.


First, you will need to download the latest XUbuntu stable release ISO from https://xubuntu.org/download/


When you are done with the download, it is time to create a new VM:
• Disconnect your host OS from the Wi-Fi you previously connected to with the dongle and forget the network.
• Start VirtualBox Manager
• Create a new VM and name it as you want, for example, "XUbuntu Bridge"
• Select type "Linux"
• Select Version "Ubuntu (64-bit)"
• Leave the options to default and click Create
• On the next screen, leave the default options and click Create
• Select the newly created VM and click Settings
• Select Network
• For Adapter 1, attach it to "Internal Network" and name it "XUbuntu Bridge"
• Select Storage
• Select the Empty CD drive
• On the right side, click the CD icon and select "Choose a disk file"
• Select the ISO of XUbuntu you previously downloaded and click OK
• Select the USB tab
• On the right side, click the USB icon with a + sign (the second from the top)
• Select the Wi-Fi adapter dongle from the list and make sure it is checked (leave the USB options at default)
• Start the VM
• Select Start XUbuntu
• Select Install XUbuntu
• Pick your Keyboard Layout and click Continue
• Select Minimal Installation and do not check the Download Updates during the install option
• Select Erase Disk and install XUbuntu and click Install Now
• Select the Time Zone of your choice and click Continue
• Pick some random names unrelated to you (my favorite username is "NoSuchAccount")
• Pick a password and require a password to login
• Click Continue and wait for the install to finish and Restart
• When you are done rebooting, log in
• Click the upper right connection icon (it looks like two rotating spheres)
• Click Edit Connections
• Select Wired Connection 1 (it normally should be the only one)
• Select the IPv4 tab
• Change the Method to "Shared to other computers" and click Save
• Again, click the upper right connection icon
• Connect to the safe Wi-Fi of your choice and if necessary, input the necessary information into a Captive
Portal.
• You are now done setting up the XUbuntu Bridge VM


At this stage, your Host OS should have no network at all and your XUbuntu VM should have a fully working Wi-Fi
connection and this Wi-Fi connection will be shared to the Internal Network "XUbuntu Bridge".
Additional configuration of the Whonix Gateway VM:
Now it is time to configure the Whonix Gateway VM to get access from the shared network from the bridge VM we
just made in the earlier step.

• Go into the VirtualBox Application and select the Whonix Gateway VM
• Click Settings
• Click the Network Tab
• For Adapter 1, change the "Attached To" value from "NAT" to "Internal Network"
• As "Name", select the internal network "XUbuntu Bridge" you created earlier and click OK
• Reboot the Whonix Gateway VM
• From the upper left menu, select System, Tor Control Panel, and check that you are connected (you should be)
• You are done configuring the Whonix Gateway VM


At this stage, your Whonix Gateway VM should be getting internet access from the XUbuntu Bridge VM which in turn
is getting internet access from the Wi-Fi dongle and sharing it. Your Host OS should have no network connectivity at
all.


All the VMs behind the Whonix Gateway should now work without additional configuration.


Final step: 
Take a post-install VirtualBox snapshot of your VMs. 


You are done and can now skip the rest to go to the Getting Online part. 


The Qubes Route: 

Note that while this route is written for Qubes OS 4.0.x, it should also work with Qubes OS 4.1.x but it hasn’t been 
tested yet. The guide will be updated when Qubes OS 4.1 is released (now at the Release Candidate 3 stage as of 
this writing). 


As they say on their website, Qubes OS is a reasonably secure, free, open-source, and security-oriented operating
system for single-user desktop computing. Qubes OS leverages and extensively uses Xen-based virtualization to
allow for the creation and management of isolated compartments called Qubes.


Qubes OS is not a Linux distribution[362] but a Xen distribution. It is different from Linux distributions because it will
make extensive use of virtualization and compartmentalization so that any app will run in a different VM (Qube). As
a bonus, Qubes OS integrates Whonix by default and allows for increased privacy and anonymity. It is highly
recommended that you document yourself on Qubes OS principles before going this route. Here are some
recommended resources:
• Qubes OS Introduction, https://www.qubes-os.org/intro/ [Archive.org]
• Qubes OS Video Tours, https://www.qubes-os.org/video-tours/ [Archive.org]
• Qubes OS Getting Started, https://www.qubes-os.org/doc/getting-started/ [Archive.org]
• YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux
Foundation https://www.youtube.com/watch?v=8cU4hQg6GvU [Invidious]
• YouTube, I used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty
[@themattymcfatty] https://www.youtube.com/watch?v=sbN5Bz3v-uA [Invidious]
• YouTube, Qubes OS: How it works, and a demo of this VM-centric OS
https://www.youtube.com/watch?v=YPAvoFsvSbg [Invidious]


This OS is recommended by prominent figures such as Edward Snowden and PrivacyGuides.org.


Qubes OS is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. While you can run this on 4GB of RAM as per their requirements363, the recommended RAM is 16GB. I would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB. If you want a really enjoyable experience, you should have 24GB or 32GB.


362 Qubes OS, FAQ, https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution [Archive.org]
363 Qubes OS, System Requirements https://www.qubes-os.org/doc/system-requirements/ [Archive.org]


The reason for this RAM requirement is that each app will run in a different VM and each of those VMs will require and allocate a certain amount of memory that will not be available for other apps. If you are running native Windows apps within Qubes on Qubes OS, the RAM overhead will be significant.


You should also check their hardware compatibility here https://www.qubes-os.org/hcl/ [Archive.org] before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself.


I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide plausible deniability, unlike the Whonix route.


Pick your connectivity method:
There are seven possibilities within this route:
e Recommended and preferred:
o Use Tor alone (User > Tor > Internet)
o Use VPN over Tor (User > Tor > VPN > Internet) in specific cases
o Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor > Self-Hosted VPN/Proxy > Internet) in specific cases
e Possible if required by context:
o Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)
o Use Tor over VPN (User > VPN > Tor > Internet)
e Not recommended and risky:
o Use VPN alone (User > VPN > Internet)
o Use VPN over VPN (User > VPN > VPN > Internet)
e Not recommended and highly risky (but possible):
o No VPN and no Tor (User > Internet)





Tor only:
This is the preferred and most recommended solution.

(Diagram: Qubes OS normal network connection (Public Wi-Fi) > Qubes OS Internal Network > Encrypted Tor Network (sys-whonix Qube) > Qube App VM > Internet Services)

With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases.


There is one main drawback tho: Some services block/ban Tor Exit nodes outright and will not allow account 
creations from those. 


To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it 
explained in the next section. 


VPN over Tor:
This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services just outright ban, hinder, or block Tor Exit Nodes (see https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor [Archive.org]).

This solution can be achieved in two ways:


e Paid VPN over Tor (easiest) 
e Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in avoiding online obstacles such as captchas 
but requiring more skills with Linux) 


As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary 
(despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN 
account connecting to their services from a Tor Exit node. 


(Diagram: Qubes OS Internal Network > Encrypted Tor Network (sys-whonix Qube) > Encrypted Cash-Paid VPN Qube (VPN Qube) > Qube App VM > Internet Services)


If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random 
public Wi-Fi that is not tied to your identity. 


If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped 
within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi. 


This solution however has one main drawback to consider: Interference with Tor Stream Isolation364.


Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits 
for each application. Here is an illustration to show what stream isolation is: 


364 Whonix Documentation, Stream Isolation https://www.whonix.org/wiki/Stream_Isolation [Archive.org]
(Illustration of Tor stream isolation from Marcelo Martins, https://stakey.club/en/decred-via-tor-network/ [Archive.org])





VPN/Proxy over Tor falls on the right side365, meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases:
e When your destination service does not allow Tor Exit nodes.
e When you do not mind using a shared Tor circuit for various services. For instance for using various authenticated services.


You should however consider not using this method when your aim is just to browse random various unauthenticated websites as you will not benefit from Stream Isolation, and this could make correlation attacks easier for an adversary between each of your sessions (see Your Anonymized Tor/VPN traffic).


Tor over VPN:
You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, I would not necessarily recommend it:
e Disadvantages:


365 Whonix Documentation, Tunnels Comparison Table, 
o Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if needed. We do not trust them. Prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity.

o This would result in you connecting to various services using the IP of a Tor Exit Node which is 
banned/flagged in many places. It does not help in terms of convenience. 

e Advantages:

o The main advantage is that it works if you are in a hostile environment where Tor access is impossible/dangerous/suspicious, but VPN is okay.

o This method also does not break Tor Stream isolation. 


Note, if you’re having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges (see Tor Documentation https://2019.www.torproject.org/docs/bridges [Archive.org] and Whonix Documentation https://www.whonix.org/wiki/Bridges [Archive.org]).


It is also possible to consider VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally your VPN VM will connect to a second VPN (VPN over Tor over VPN) (see https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor [Archive.org]).


This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere 
for achieving reasonable anonymity. 


Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must 
connect to the first VPN from the Host OS and follow the route. 


Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can 
and so why not. This method will not lower your security/privacy/anonymity. 


VPN only:
This route will not be explained nor recommended. If you can use VPNs then you should be able to add a Tor layer over it. If you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.


Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. One of the 
VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the 
second one will still know you were using that other first VPN service. This will only slightly delay your de- 
anonymization. Yes, it is an added layer ... but it is a persistent centralized added layer, and you can be de- 
anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests. 


For more info, please see the following references:

e https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services#Tor_and_VPN_Services_Comparison [Archive.org]
e https://www.whonix.org/wiki/Why_does_Whonix_use_Tor [Archive.org]
e https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study [Archive.org]
e https://gist.github.com/joepie91/5a9909939e6ce7d09e29#file-vpn-md [Archive.org]
e https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html [Archive.org]


In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should 
use it if you can. 


No VPN/Tor: 
If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and 
control are extremely high. 


Just do not, it is not worth it and too risky IMHO. You can be de-anonymized almost instantly by any motivated 
adversary that could get to your physical location in a matter of minutes. 
Do not forget to check back on Adversaries (threats) and Appendix S: Check your network for surveillance/censorship using OONI.


If you have absolutely no other option and still want to do something, see Appendix P: Accessing the internet as 
safely as possible when Tor/VPN is not an option (at your own risk). 


Conclusion:

Connection Type | Anonymity | Ease of Access to online resources | Tor Stream isolation | Safer where Tor is suspicious/dangerous | Speed | Cost | Recommended
Tor Alone | Good | Medium | Possible | No | Medium | Free | Yes
Tor over VPN | Good+ | Medium | Possible | Yes | Medium | Around 50€/y | If needed (Tor inaccessible)
Tor over VPN over Tor | Best | Medium | Possible | Yes | Poor | Around 50€/y | Yes
VPN over Tor | Good- | Good | No | No | Medium | Around 50€/y | If needed (convenience)
Self-Hosted VPS VPN/Proxy over Tor | Good- | Very Good | No | No | Medium | Around 50€/y | If needed (convenience)
VPN/Proxy over Tor over VPN | Good- | Good | No | Yes | Poor | Around 100€/y | If needed (convenience and Tor inaccessible)
VPN/Proxy Alone | Bad | Good | N/A | Yes | Good | Around 50€/y | No
No Tor and VPN (Antenna) | Bad | Unknown | N/A | No | Good | Around 100€ | No. At your own risk.



Unfortunately, using Tor alone will raise the suspicion of many destinations’ platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that. But Tor remains the best solution for anonymity and must be somewhere in the chain for anonymity.


e If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, I recommend the VPN over Tor and VPS VPN/Proxy over Tor options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an “acceptable” trade-off IMHO if you are careful enough with your identity.
o Note: It is becoming more common that mainstream services and CDNs are also blocking or hindering VPN users with captchas and other various obstacles. In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles. Consider a Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux) if you want the least amount of issues (this will be explained in the next section in more detail).
e If your intent however is just to browse random services anonymously without creating specific shared identities, using Tor-friendly services, or if you do not want to accept that trade-off in the earlier option, then I recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).
e If cost is an issue, I recommend the Tor Only option if possible.
e If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public Wi-Fi safely. See Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option.

For more information, you can also see the discussions here that could help you decide:

e Tor Project: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN [Archive.org]
e Tails Documentation:
o https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/ [Archive.org]
o https://tails.boum.org/support/faq/index.en.html#index20h2 [Archive.org]
e Whonix Documentation (in this order):
o https://www.whonix.org/wiki/Tunnels/Introduction [Archive.org]
o https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN [Archive.org]
o https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor [Archive.org]
e Some papers on the matter:
o https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study [Archive.org]


Getting an anonymous VPN/Proxy: 
Skip this step if you want to use Tor only or VPN is not an option. 


See Appendix O: Getting an anonymous VPN/Proxy 


Note about Plausible Deniability: 

Qubes OS uses LUKS for full disk encryption and it is technically possible to achieve a form of deniability by using 
detached LUKS headers. This is not yet integrated into this guide but you will find a tutorial on how to achieve this 
here: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/af76301c21e1b4a33851 and
some more background information within the Linux Host OS section (see Note about plausible deniability on Linux). 


Installation:
We will follow the instructions from their own guide https://www.qubes-os.org/doc/installation-guide/ [Archive.org].


(Secure Boot is not supported as per their FAQ: https://www.qubes-os.org/faq/#is-secure-boot-supported [Archive.org] so it should be disabled in the BIOS/UEFI settings.)


e Download the latest Qubes OS 4.0.x installation ISO according to their hardware compatibility list. 
e Prepare a USB key with the Qubes OS ISO file 
e Install Qubes OS according to the installation guide: 
o If you want to use Tor or VPN over Tor: Check the “Enabling system and template updates over the Tor anonymity network using Whonix” during the last step. This will force all Qubes OS updates to go through Tor. While this will significantly reduce your update speed, it will increase your anonymity from the start. (If you are having issues connecting to Tor due to censorship or blocking, consider using Tor Bridges as recommended earlier. Just follow the tutorial provided here: https://www.whonix.org/wiki/Bridges [Archive.org])
o If you want to use Tor over VPN or cannot use any of those, leave it unchecked. 
e If you cannot use Tor at all, there is also no point in installing Whonix. So, you should disable Whonix 
installation within the Software Selection Menu. 


Lid Closure Behavior:

Unfortunately, Qubes OS does not support hibernation366 which is an issue regarding cold-boot attacks. To mitigate those, I highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can set this from the XFCE Power Manager. Do not use the sleep features.


Connect to a Public Wi-Fi: 
Remember this should be done from a safe place (see Find some safe places with decent public Wi-Fi and Appendix 
Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance): 

e In the upper right corner, Left-click the network icon and note the Wi-Fi SSID you want to connect to

e Now right-click the network icon and select Edit Connections 

e Add one using the + sign 


e Select Wi-Fi
e Enter the SSID of the desired network you noted before (if needed)
e Select Cloned MAC Address
e Select Random to randomize your MAC Address
o Warning: This setting should work in most cases but can be unreliable on some network adapters. Please refer to this documentation if you want to be sure: https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md [Archive.org]
e Save
e Now again Left-click the connection account and connect to the desired Wi-Fi
e If this is an Open Wi-Fi requiring registration: You will have to start a browser to register
o After you are connected, Start a Disposable Fedora Firefox Browser
o Go into the upper left Menu
o Select Disposable, Fedora, Firefox
o Open Firefox and register (anonymously) into the Wi-Fi


366 Qubes OS Issues, Simulate Hibernation / Suspend-To-Disk #2414 https://github.com/QubesOS/qubes-issues/issues/2414 [Archive.org]


Updating Qubes OS: 
After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You must keep Qubes OS always 
updated before conducting any sensitive activities. Especially your Browser VMs. Normally, Qubes OS will warn you 
about updates in the upper right corner with a gear icon. As this might take a while in this case due to using Tor, you 
can force the process by doing the following: 

e Click the upper left Applications icon
e Select System Tools
e Select Qubes Update and Launch it
e Check the “Enable updates for Qubes without known available updates”
e Select all the Qubes
e Click Next and update
e If you checked the Tor option during install, wait patiently as this might take a while over Tor


Updating Whonix from version 15 to version 16: 
Follow the instructions on https://www.whonix.org/wiki/Qubes/Install [Archive.org]


Hardening Qubes OS: 
Disclaimer: This section is under construction and will be worked on heavily in the next releases. This section is for 
more advanced users. 


Application Sandboxing: 
While Qubes OS is already sandboxing everything by design, it is also useful to consider sandboxing apps themselves 
using AppArmor or SELinux. 


AppArmor:

“AppArmor is a Mandatory Access Control framework. When enabled, AppArmor confines programs according to a set of rules that specify what files a given program can access. This proactive approach helps protect the system against both known and unknown vulnerabilities” (Debian.org).


Basically, AppArmor367 is an application sandboxing system. By default, it is not enabled but supported by Qubes OS.


e About the Fedora VMs:
o Fedora does not use AppArmor but rather SELinux so see the next section for that.
e About the Debian VMs:
o Head out and read https://wiki.debian.org/AppArmor [Archive.org]
e About any other Linux VM:
o Head out and read:


= https://wiki.archlinux.org/title/AppArmor [Archive.org]
= https://wiki.debian.org/AppArmor [Archive.org]
e About the Whonix VMs, you should consider enabling and using AppArmor, especially on the Whonix VMs of Qubes OS:
o First, you should head out and read https://www.whonix.org/wiki/AppArmor [Archive.org]
o Secondly, you should head out again and read https://www.whonix.org/wiki/Qubes/AppArmor [Archive.org]


367 Wikipedia, AppArmor https://en.wikipedia.org/wiki/AppArmor [Wikiless] [Archive.org]


SELinux:
SELinux368 is similar to AppArmor. The differences between SELinux and AppArmor are technical details into which we will not get.


Here is a good explanation of what it is: https://www.youtube.com/watch?v=_WOKRaM-HI4 [Invidious]


In this guide and the context of Qubes OS, it is important to mention it as it is the recommended method by Fedora 
which is one of the default systems on Qubes OS. 


So, head out and read https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/ [Archive.org]
You could make use of SELinux on your Fedora Templates. But this is up to you. Again, this is for advanced users. 


Setup the VPN ProxyVM:
Skip this step if you do not want to use a VPN and just use Tor only or if VPN is not an option either. 


This tutorial should also work with any OpenVPN provider (Mullvad, IVPN, Safing.io, or ProtonVPN for instance). 


This is based on the tutorial provided by Qubes OS themselves (https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md [Archive.org]). If you are familiar with this process, you can follow their tutorial. Here is mine:


Create the ProxyVM:
e Click the Applications icon (upper left corner)
e Click Create Qubes VM
e Name and label as you wish: I suggest “VPNGatewayVM”
e Select Type: Standalone Qube copied from a template
e Select Template: Debian-10 (or Debian-11 if you already have it installed)
e Select Networking:
o Select sys-whonix if you want to do VPN over Tor / Tor only (recommended)
o Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN
e Advanced: Check provides network
e Select: Start Qube automatically on boot
e Create the VM
e Test your Connectivity:
o If you are going for VPN over Tor, test the VM connectivity to Tor by launching a Browser within the ProxyVM and going to https://check.torproject.org [Archive.org] (It should say you are connected to Tor)
o If you are going for Tor over VPN, test the VM connectivity to the internet by launching a Browser within the ProxyVM and accessing any website.


Download the VPN configuration from your cash/Monero paid VPN provider: 


If you can use Tor: 
Using Tor Browser (be careful not to use any Clearnet Browser for this), download the necessary OpenVPN 
configuration files for Linux from your VPN provider. 


This can be done by using the Qubes OS integrated Tor Browser by accessing the Applications icon (upper left corner) and selecting the Disposable Tor Browser application.


368 Wikipedia, SELinux https://en.wikipedia.org/wiki/Security-Enhanced_Linux [Wikiless] [Archive.org]
If you cannot use Tor:

Start a browser from a Disposable VM and download the necessary OpenVPN configuration files for Linux from your VPN provider. See Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option.


When you are done downloading the configuration files within the Disposable Browser (usually a zip file), copy them to your ProxyVM VPN Gateway machine (using right-click on the file and send to another AppVM).


Configure the ProxyVM: 
Skip this step if you are not going to use a VPN 


e Click the upper left corner 
e Select the VPN VM you just created 
e Open the Files of the VPN VM 
e Go into “Qubesincoming” > dispXXXX (This was your Disposable Browser VM) 
e Double Click your downloaded zip file containing your OpenVPN configuration files to unzip it 
e Now select the VPN VM again and start a terminal 
e Install OpenVPN with the following command: `sudo apt-get install openvpn`
e Copy all the OpenVPN configuration files provided by your VPN provider into /etc/openvpn/
e For all the OpenVPN configuration files (for each location):
o Edit each file using `sudo nano configfile` (do not forget sudo to edit the file within /etc)
o Change the protocol from “udp” to “tcp” (Tor does not support UDP)
o Change the port to a supported (by your VPN provider) TCP port (like 80 or 443)
o Save and exit each file
e Edit the OpenVPN config file (/etc/default/openvpn) by typing `sudo nano /etc/default/openvpn` (because I do not like vi editor)
o Change `#AUTOSTART="all"` to `AUTOSTART="all"` (in other words, remove the "#")
o Save and Exit
e Edit the Qubes firewall rules file (/rw/config/qubes-firewall-user-script) by typing `sudo nano /rw/config/qubes-firewall-user-script`
o Add the following lines (without the quotes and remarks in parentheses)
= `virtualif=10.137.0.17`
(This is the IP of the ProxyVM, this is not dynamic, and you might need to change it at reboot)
= `vpndns1=10.8.0.1`
(This is the first DNS server of your VPN provider; it should not change)
= `vpndns2=10.14.0.1`
(This is the second DNS server of your VPN provider; it should not change)
= `iptables -F OUTPUT`
= `iptables -I FORWARD -o eth0 -j DROP`
= `iptables -I FORWARD -i eth0 -j DROP`
= `ip6tables -I FORWARD -o eth0 -j DROP`
= `ip6tables -I FORWARD -i eth0 -j DROP`
(These will block outbound traffic when the VPN is down, it is a kill switch, more information here https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux [Archive.org])
= `iptables -A OUTPUT -d 10.8.0.1 -j ACCEPT`
= `iptables -A OUTPUT -d 10.14.0.1 -j ACCEPT`
(These will allow DNS requests to your VPN provider DNS to resolve the name of the VPN servers in the OpenVPN configuration files)
= `iptables -F PR-QBS -t nat`
= `iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns1`
= `iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns1`
= `iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns2`
= `iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns2`
(These will redirect all DNS requests from the ProxyVM to the VPN provider DNS servers)
e Restart the ProxyVM by typing `sudo reboot`
e Test the ProxyVM VPN connectivity by starting a Browser within it and going to your VPN provider test page. It should now say you are connected to a VPN:
o Mullvad: https://mullvad.net/en/check/ [Archive.org]
o IVPN: https://www.ivpn.net/ (check the top banner)
o ProtonVPN: Follow their instructions here https://protonvpn.com/support/vpn-ip-change/ [Archive.org]
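As an added example (not the guide's own script, nor the Qubes community script it is based on), the shell functions below do the two editing steps above in a checkable way: they batch-convert OpenVPN profiles from UDP to TCP, and they render the kill-switch/DNS block from variables so it can be reviewed before it goes into /rw/config/qubes-firewall-user-script. The ProxyVM address is read from `qubesdb-read /qubes-ip` when run inside a qube (an assumption; it replaces the hard-coded virtualif the guide warns can change); all host names and addresses in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the guide's own script: prepare OpenVPN profiles for
# use behind sys-whonix and render the ProxyVM firewall block for review.
# Host names, ports and addresses in the demo are constructed placeholders.

# ovpn_to_tcp FILE PORT
# Rewrites one .ovpn profile in place. Tor only carries TCP, so a VPN that
# is reached through sys-whonix must use "proto tcp" and a TCP port the
# provider accepts (the guide suggests 80 or 443).
# Returns 1 when a UDP reference survives, so that file must be fixed by hand.
ovpn_to_tcp() {
  f=$1
  port=$2
  # "proto udp" (also udp4/udp6) -> "proto tcp"
  sed -i -E 's/^proto[[:space:]]+udp[46]?[[:space:]]*$/proto tcp/' "$f"
  # "remote HOST [PORT] [udp|tcp]" -> "remote HOST PORT tcp"
  sed -i -E 's/^(remote[[:space:]]+[^[:space:]]+)([[:space:]]+[0-9]+)?([[:space:]]+(udp|tcp)[46]?)?[[:space:]]*$/\1 '"$port"' tcp/' "$f"
  # explicit-exit-notify is UDP-only; OpenVPN refuses to start with it on TCP
  sed -i -E '/^explicit-exit-notify/d' "$f"
  if grep -qE '^(proto[[:space:]]+udp|remote[[:space:]].*[[:space:]]udp[46]?[[:space:]]*$)' "$f"; then
    return 1
  fi
  return 0
}

# proxyvm_ip FALLBACK
# The ProxyVM's own address from QubesDB when running inside a qube
# (assumed key /qubes-ip); otherwise the caller's fallback value.
proxyvm_ip() {
  ip=$(qubesdb-read /qubes-ip 2>/dev/null) || ip=""
  if [ -n "$ip" ]; then echo "$ip"; else echo "$1"; fi
}

# killswitch_rules VIRTUALIF DNS1 DNS2
# Prints the block the guide puts in /rw/config/qubes-firewall-user-script.
# The FORWARD drops on eth0 are the kill switch for the AppVMs behind the
# ProxyVM; the PR-QBS nat rules force their DNS to the provider resolvers.
# OUTPUT is only flushed, not given a DROP policy, so the ProxyVM's own
# traffic is not cut when the tunnel drops; only forwarded AppVM traffic is.
killswitch_rules() {
  virtualif=$1
  vpndns1=$2
  vpndns2=$3
  cat <<EOF
virtualif=$virtualif
vpndns1=$vpndns1
vpndns2=$vpndns2
iptables -F OUTPUT
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
ip6tables -I FORWARD -o eth0 -j DROP
ip6tables -I FORWARD -i eth0 -j DROP
iptables -A OUTPUT -d \$vpndns1 -j ACCEPT
iptables -A OUTPUT -d \$vpndns2 -j ACCEPT
iptables -F PR-QBS -t nat
iptables -A PR-QBS -t nat -d \$virtualif -p udp --dport 53 -j DNAT --to \$vpndns1
iptables -A PR-QBS -t nat -d \$virtualif -p tcp --dport 53 -j DNAT --to \$vpndns1
iptables -A PR-QBS -t nat -d \$virtualif -p udp --dport 53 -j DNAT --to \$vpndns2
iptables -A PR-QBS -t nat -d \$virtualif -p tcp --dport 53 -j DNAT --to \$vpndns2
EOF
}

# Demo on a constructed profile: writes only a temporary file, never iptables.
demo() {
  tmp=$(mktemp)
  printf '%s\n' 'client' 'dev tun' 'proto udp' \
    'remote vpn1.example.invalid 1194 udp' \
    'remote vpn2.example.invalid 1194' \
    'explicit-exit-notify 2' > "$tmp"
  ovpn_to_tcp "$tmp" 443 && cat "$tmp"
  rm -f "$tmp"
  killswitch_rules "$(proxyvm_ip 10.137.0.17)" 10.8.0.1 10.14.0.1
}
demo
```

Run the converter over a copy of the provider's files first and diff the result against the originals; only then move the profiles into /etc/openvpn/.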


VPN over Tor: 


Set up a disposable Browser Qube for VPN over Tor use:
e Within the Applications Menu (upper left corner), Select the Disposable Fedora VM
e Go into Qube Settings
e Click Clone Qube and name it (like “VPNoverTor”)
e Again, within the Application Menu, Select the Clone you just created
e Go into Qube Settings
e Change the Networking to your ProxyVPN created earlier
e Click OK
e Start a Browser within the Whonix Workstation
e Check that you have VPN connectivity, and it should work


You should now have a Disposable Browser VM that works with your cash/Monero paid VPN over Tor.


Tor Over VPN:
Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM instead of sys-firewall:
e Within the Applications Menu (upper left corner), Select the sys-whonix VM.
e Go into Qube Settings
e Change the Networking NetVM to your ProxyVPN created earlier instead of sys-firewall
e Click OK
e Create a Whonix Workstation Disposable VM (follow this tutorial https://www.whonix.org/wiki/Qubes/DisposableVM [Archive.org])
e Launch a browser from the VM and check that you have VPN connectivity, and it should work.


Alternatively, you can also create any other type of disposable VM (but less secure than the Whonix one):
e Within the Applications Menu (upper left corner), Select the Disposable Fedora VM
e Go into Qube Settings
e Click Clone Qube and name it (like “TorOverVPN”)
e Again, within the Application Menu, Select the Clone you just created
e Go into Qube Settings
e Change the Networking to your sys-whonix created earlier
e Click OK
e Start a Browser within the VM
e Check that you have VPN connectivity, and it should work


You should now have a Disposable Browser VM that works with Tor over your cash/Monero paid VPN.


Any other combination? (VPN over Tor over VPN for instance)
Now you should understand how easy it is to route traffic from one VM to the other with Qubes OS. You can create several ProxyVMs for VPN accesses and keep the Whonix one for Tor. You just need to change the NetVM settings of the various VMs to change the layout.


You could have: 
e One VPN ProxyVM for the base Qubes OS connection 
e Use the sys-whonix VM (Whonix Gateway) getting its network from the first ProxyVM 
e Asecond VPN ProxyVM getting network from sys-whonix 
e Disposable VMs getting their NetVM from the second ProxyVM 


This would result in User > VPN > Tor > VPN > Internet (VPN over Tor over VPN). Experiment for yourself. Qubes OS is 
great for these things. 


Setup a safe Browser within Qubes OS (optional but recommended): 
See: Appendix V: What browser to use in your Guest VM/Disposable VM 


Fedora Disposable VM:
Within the Applications Menu (upper left), Select the Fedora-3x template (x being the latest Fedora template available in your install):
e Go into Qube Settings
e Clone the VM and name it “fedora-3x-brave” (this VM template will have Brave)
e Again, go into the Applications Menu and select the clone you just created
e Go into Qube Settings
e Change its network to the ProxyVPN and Apply
e Launch a terminal from the VM


If you want to use Brave: apply the instructions from https://brave.com/linux/ [Archive.org] (Fedora 28+ section) and run the following commands:


e `sudo dnf install dnf-plugins-core`
e `sudo dnf config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/`
e `sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc`
e `sudo dnf install brave-browser`


You should also consider hardening your browser, see 


Whonix Disposable VM:
Edit the Whonix Disposable VM template and follow instructions here https://www.whonix.org/wiki/Install_Software [Archive.org]


Additional browser precautions:
• See: Appendix V1: Hardening your Browsers
• See: Appendix A5: Additional browser precautions with JavaScript enabled


Setup an Android VM: 

Because sometimes you want to run mobile Apps anonymously too. You can also set up an Android VM for this 
purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network 
connectivity. But this can also be set up as VPN over Tor over VPN. 


Since Android-x86 does not work "well" with Qubes OS (my own experience), I will instead recommend using AnBox (https://anbox.io/ [Archive.org]), which works "well enough" with Qubes OS. More information can also be found at https://www.whonix.org/wiki/Anbox [Archive.org]


If you can use Tor (natively or over a VPN):
Later in the Qubes settings during creation:
• Select Networking
• Change to sys-whonix to put it behind the Whonix Gateway (over Tor).

If you cannot use Tor:
Just use the tutorials as is. See Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option.


Install AnBox:
Basically, follow the tutorial here:
• Click the Applications icon (upper left corner)
• Click Create Qubes VM
• Name and label as you wish: I suggest "Android Box"
• Select Type: Standalone Qube copied from a template
• Select Template: your Debian template (whichever Debian version you already have installed)
• Select Networking:
  ◦ Select sys-whonix if you want to do VPN over Tor / Tor only (recommended)
  ◦ Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN
• Start the Qube and open a Terminal


Now you will have to follow the instructions from here: https://github.com/anbox/anbox-modules [Archive.org]:
• Start by cloning the AnBox Modules repository by running:
  ◦ git clone https://github.com/anbox/anbox-modules.git
  ◦ Go into the cloned directory
  ◦ Run ./INSTALL.sh (or follow the manual instructions on the tutorial)
• Reboot the machine
• Open a new terminal
• Install snap by running:
  ◦ sudo apt install snapd


Now we will follow their other tutorial from here: https://github.com/anbox/anbox/blob/master/docs/install.md [Archive.org].


• Install AnBox by running:
  ◦ snap install --devmode --beta anbox
• To update AnBox later, run:
  ◦ snap refresh --beta --devmode anbox
• Reboot the machine
• Open a terminal again and start the emulator by running:
  ◦ anbox.appmgr


This should pop up an Android interface. Sometimes it will crash, and you might have to run it twice to make it work. 


If you want to install apps on this emulator:
• Install ADB by running:
  ◦ sudo apt install android-tools-adb
• First start Anbox (run anbox.appmgr)
• Grab the APK of any app you want to install
• Now install any APK by running:
  ◦ adb install my-app.apk


That is it, you should now have an Android Qube over Tor (or anything else) capable of running pretty much any app you can sideload with ADB. This is, for now, and IMHO, the easiest way to get Android emulation on Qubes OS.


KeePassXC:
You will need something to store your data (logins/passwords, identities, and TOTP[369] information).


369 Wikipedia, TOTP https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm [Wikiless] [Archive.org]
For this purpose, I strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[370] authentication with the authenticator feature.


In the context of Qubes OS you should store your sensitive information within the Domain: Vault Qube:
• First, click the Applications icon (upper left) and select the Domain: Vault Qube.
• Click Qubes Settings
• Temporarily enable network by changing the network to the VPN ProxyVM you created earlier
• Open a terminal within the Domain: Vault Qube
• Type: sudo dnf install keepassxc and wait for it to install
• Close the terminal and disable the network by changing the network back to (none)
• Go back into the Domain: Vault Qube Settings and into the Applications tab
• Click Refresh
• Add KeePassXC to the Selected tab
• Launch KeePassXC within the Domain: Vault Qube


You are done and can now skip the rest to go to the “Creating your anonymous online identities” part. 





Captchas:

(Illustrations by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5)


Captcha[371] stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". Captchas are Turing tests[372]: puzzles you need to complete before accessing a form/website. You will mostly encounter those provided by Google (reCAPTCHA service[373]) and Cloudflare (hCaptcha[374]). hCaptcha is used on 15% of the internet by their own metrics[375].


370 Wikipedia, Multi-Factor Authentication https://en.wikipedia.org/wiki/Multi-factor_authentication [Wikiless] [Archive.org]
371 Wikipedia, Captcha https:/ [Wikiless] [Archive.org]
372 Wikipedia, Turing Test https://en.wikipedi [Wikiless] [Archive.org]


They are designed to separate bots from humans but are also clearly used to deter anonymous and private users 
from accessing services. 


If you often use VPNs or Tor, you will quickly encounter many captchas everywhere[376]. Quite often when using Tor, even if you succeed in solving all the puzzles (sometimes dozens in a row), you will still be denied after solving the puzzles.


See https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor [Archive.org]


While most people think those puzzles are only about solving a little puzzle, it is important to understand that it is much more complex, and that modern Captchas use advanced machine learning and risk analysis algorithms to check if you are human[377]:

• They check your browser, cookies, and browsing history using Browser fingerprinting[378].

• They track your cursor movements (speed, accuracy) and use algorithms to decide if it is "human/organic".

• They track your behavior before/during/after the tests to ensure you are "human"[379].


It is also highly likely that those platforms could already reliably identify you based on the unique way you interact 
with those puzzles. This could work despite obfuscation of your IP address / Browser and clearing all cookies. 


You will often experience several in a row (sometimes endlessly) and sometimes exceedingly difficult ones involving reading undecipherable characters or identifying various objects on endless picture sets. You will also have more captchas if you use an ad-blocking system (uBlock for example) or if your account was flagged for any reason for using Tor previously.


You will also have (in my experience) more Captchas (Google's reCAPTCHA) if you do not use a Chromium-based browser. But this can be mitigated by using a Chromium-based browser such as Brave. There is also a Browser extension called Buster that could help you with those: https://github.com/dessant/buster [Archive.org]


As for Cloudflare (hCaptcha), you could also use their Accessibility solution here (https://www.hcaptcha.com/accessibility [Archive.org]), which would allow you to sign up (with your anonymous identity created later) and set a cookie within your Browser that would allow you to bypass their captchas. Another solution to mitigate hCaptcha would be to use their own solution called "Privacy Pass"[380] https://privacypass.github.io/ [Archive.org] in the form of a Browser extension you could install in your VM Browser.


You should therefore deal with those carefully and force yourself to alter the way you are solving them 
(speed/movement/accuracy/...) to prevent “Captcha Fingerprinting”. 


Fortunately, as far as I am aware, these are not yet officially/publicly used to de-anonymize users for third parties.


To not have those issues, you should consider using a VPN over Tor. And the best option to avoid those is likely to 
use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS server. 


373 Google reCAPTCHA https://www.google.com/recaptcha/about/ [Archive.org]

374 hCaptcha https://www.hcaptcha.com/ [Archive.org]

375 hCaptcha, hCaptcha Is Now the Largest Independent CAPTCHA Service, Runs on 15% Of The Internet https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service [Archive.org]

376 Nearcyan.com, You (probably) don't need ReCAPTCHA https://nearcyan.com/you-probably-dont-need-recaptcha/ [Archive.org]

377 ArsTechnica, "Google's reCAPTCHA turns "invisible," will separate bots from people without challenges" https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/ [Archive.org]

378 BlackHat Asia 2016, "I'm not a human: Breaking the Google reCAPTCHA", https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf [Archive.org]

379 Google Blog https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html [Archive.org]

380 Cloudflare Blog, Cloudflare supports Privacy Pass https://blog.cloudflare.com/cloudflare-supports-privacy-pass/ [Archive.org]
Phone verification:
Phone verification is advertised by most platforms to verify you are human. But do not be fooled, the main reason for phone verification is not only to check if you are human but also to be able to de-anonymize you if needed.


Most platforms (including the privacy-oriented ones such as Signal/Telegram/ProtonMail) will require a phone number to register, and most countries now make it mandatory to submit a proof of ID to register[381].


Fortunately, this guide explained earlier how to get a number for these cases: Getting an anonymous Phone number. 


E-Mail verification: 
E-Mail verification is what used to be enough but is not anymore in most cases. What is important to know is that 
open e-mail providers (disposable e-mail providers for instance) are flagged as much as open proxies (like Tor). 


Most platforms will not allow you to register using an "anonymous" or disposable e-mail, just as they will not allow you to register using an IP address from the Tor network.


The key thing to this is that it is becoming increasingly difficult to sign-up for a free e-mail account anywhere without 
providing (you guessed it) ... a cell phone number. That same cell phone number can be used conveniently to track 
you down in most places. 


It is possible that those services (ProtonMail for instance) might require you to provide an e-mail address for registration. In that case, I would recommend you create an e-mail address with one of these providers:

• MailFence: https://mailfence.com/
• Disroot: https://disroot.org
• Autistici: https://autistici.org
• Envs.net: https://envs.net/
• RiseUp: https://riseup.net [Archive.org] (It has come to my attention that the site now, unfortunately, requires an invitation from a currently registered user)
• CTemplar: https://ctemplar.com (unfortunately also requires an invitation)


Keep in mind that those do not provide a zero-access design where only you can access your e-mail (meaning they can access your e-mail at rest in their database).


Protecting your anonymous online identities' e-mails using Aliasing services:
If you want to avoid communicating your anonymous e-mail addresses to various parties, I would strongly suggest considering e-mail aliasing services such as:

• https://simplelogin.io/ (preferred first choice due to more options available to the free tier)
• https://anonaddy.com/


These services will allow creating random aliases for your anonymous e-mail (on ProtonMail for example) and could 
increase your general privacy if you do not want to disclose that e-mail for any purpose. They are both 
recommended by Privacyguides.org and Privacytools.io. I’m recommending them as well. 


User details checking:
Obviously, Reddit does not do this (yet), but Facebook most likely does and will look for "suspicious" things in your details (which could include face recognition).


Some examples:
• IP address from a country different than your profile country.
• Age in the profile not matching the picture age.
• Ethnicity in the profile not matching the picture ethnicity.
• Language not matching the country language.
• Not having any connection with anyone else (meaning nobody knows you).
• Locking down privacy settings after signing up.


381 Privacy International, Timeline of SIM Card Registration Laws https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws [Archive.org]
• Name that does not match the correct ethnicity/language/country?

Proof of ID verification:

The deal-breaker in most cases. As far as I know, only Facebook and LinkedIn (outside of financial services) have requested such verifications, which involve sending pictures of some form of identification (passport, national ID card, driver's license ...). The only way to do this would involve creating fake official documents (forgery) using some decent Photoshop skills, and this might be illegal in most places.


Therefore, this is a line I am not going to help you cross within this guide. Some services are offering such services online, but I think these are bad actors and are probably harvesting your documents.


In many countries, only law enforcement, some specific processes (such as GDPR requests), and some well-regulated financial services may request proof of identification. So, the legality of asking for such documents is debatable, and I think such platforms should not be allowed to require those.


In a few countries (like Germany), this practice is illegal and online platforms such as Facebook or LinkedIn are legally bound to allow you to use a pseudonym and remain anonymous.


IP Filters: 

As stated previously in this guide, many platforms will apply filters on the IPs of the users. Tor exit nodes are publicly 
listed, and VPN exit servers are “well known”. There are many commercial and free services providing the ability to 
block those IPs with ease (hi Cloudflare). 


Many platform operators and administrators do not want traffic from these IPs, as they often drive a lot of unlawful/malicious/unprofitable traffic to their platforms. Usually using the same excuses:
• Unlawful because "Think of the children" or "Terrorists".
• Malicious because of "Russian trolls".
• Unprofitable because "Well, it's noise in the data we sell to advertisers" (AdSense, Facebook Ads ...). Yet we still pay traffic for them, so let us just deny them all instead.


Fortunately, those systems are not perfect, and you will (still) be able to get around those restrictions by switching identities (in the case of Tor) and trying to access the website each time until you find an Exit Node that is not block-listed (yet).


Sometimes some platforms will allow you to log in with a Tor IP but not sign up (See https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor [Archive.org]). Those platforms will keep a convenient permanent log of the IP you used during sign-up. And some will keep such logs indefinitely, including all the IPs you used to log in (hi Facebook).
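To show what the IP filters described above (publicly listed Tor exits, "well known" VPN ranges, and the log-in-but-no-sign-up asymmetry) look like on the platform side, here is an added example in Python; it is not code from the guide or from any of the services named. The exit list and VPN range are constructed samples using documentation address ranges, not real exit nodes; the list parser follows the two shapes the Tor Project publishes (the TorDNSEL "ExitAddress <ip> <timestamp>" records and the bulk one-IP-per-line list), and the policy table is an assumption that mirrors the behaviour described in the text.

```python
import ipaddress

# Constructed sample exit list (documentation addresses, not real Tor exits). The first
# four lines are in the TorDNSEL exit-addresses format; the last is a bare bulk-list entry.
SAMPLE_EXIT_LIST = """\
ExitNode ABCDEF0123456789ABCDEF0123456789ABCDEF01
Published 2022-01-10 12:00:00
LastStatus 2022-01-10 13:00:00
ExitAddress 198.51.100.7 2022-01-10 13:05:00
203.0.113.42
"""

# Constructed "well known" VPN provider range, as a commercial block-list would ship it.
SAMPLE_VPN_RANGES = ["192.0.2.0/24"]


def parse_exit_list(text: str) -> set:
    """Collect exit IPs from either list format; header lines are skipped."""
    exits = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        candidate = parts[1] if parts[0] == "ExitAddress" and len(parts) > 1 else parts[0]
        try:
            exits.add(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # ExitNode / Published / LastStatus lines carry no address
    return exits


TOR_EXITS = parse_exit_list(SAMPLE_EXIT_LIST)
VPN_NETS = [ipaddress.ip_network(n) for n in SAMPLE_VPN_RANGES]


def classify(ip: str) -> str:
    """Exact match against the exit set first, then longest-prefix style range check."""
    addr = ipaddress.ip_address(ip)
    if addr in TOR_EXITS:
        return "tor-exit"
    if any(addr in net for net in VPN_NETS):
        return "vpn"
    return "other"


# Assumed policy table reproducing the asymmetry from the text: an "open proxy" (Tor)
# may log in but not sign up, VPN users are tolerated at the price of a captcha.
POLICY = {
    "tor-exit": {"login": "allow", "signup": "deny"},
    "vpn": {"login": "allow", "signup": "captcha"},
    "other": {"login": "allow", "signup": "allow"},
}


def decide(ip: str, action: str) -> str:
    return POLICY[classify(ip)][action]


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.10", "203.0.113.1"):
        print(ip, classify(ip), decide(ip, "signup"))
```

The point to take from it: the block is a plain set lookup, so the only thing that changes the verdict is which exit address the circuit happens to use, which is exactly why requesting a new Tor identity sometimes lands on an address the list has not caught up with yet.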


The tolerance is much higher with VPNs as they are not considered “open proxies” but that will not stop many 
platforms from making them hard to use by forcing increasingly difficult captchas on most VPN users. 


For this reason, this guide does recommend the use of VPN over Tor (and not Tor over VPN) in certain use cases. 
Remember that the best option to avoid those is to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid 
VPS server. 


Browser and Device Fingerprinting:
Browser and Device[382] Fingerprinting are usually integrated into the Captcha services but also in various other services.


Many platforms (like Google[383]) will check your browser for various capabilities and settings and block Browsers they do not like. This is one of the reasons I recommend using Chromium-based Browsers such as Brave Browser over Tor Browser within this VM.


382 Wikipedia, Device Fingerprinting https://en.wikipedia.org/wiki/Device_fingerprint [Wikiless] [Archive.org]
Here are some of the things they check within recent browsers:

• User-Agent: This is your Browser name and Version.
• HTTP_ACCEPT Headers: This is the type of content your Browser can handle.
• Time Zone and Time Zone Offset: Your time zone.
• Screen Size and Color Depth: The resolution of your screen.
• System Fonts: The typing fonts installed on your system.
• Cookies support: If your browser supports cookies or not.
• Hash of Canvas fingerprint and Hash of WebGL fingerprint: These are generated unique IDs based on your graphic rendering capabilities.
• WebGL Vendor & Renderer: Name of your Video card.
• Do Not Track enabled or not: Well, yes, they use your DNT information to track you.
• Language: The language of your Browser.
• Platform: The Operating System you are using.
• Touch Support: If your system supports touch (such as a phone/tablet or touchscreen-enabled laptop).
• Ad Blocking use: If your browser blocks ads.
• AudioContext fingerprint: Like the Canvas and WebGL fingerprints, these will fingerprint your audio capabilities.
• CPU: What kind of CPU you are using and how many of them.
• Memory: How much memory you have in your System.
• Browser Permissions: Is your browser allowing some things like geolocation or microphone/webcam access.
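The list above reads as a pile of harmless details; what makes it an identifier is how they are combined. The following is an added example for this guide (not code from the guide or from any fingerprinting service) showing, in Python, the two things such a service does with those attributes: hash them into an exact identifier, and score a new visitor against previously seen profiles so that it can be re-identified even after cookies are cleared and the IP changes. The attribute values are constructed sample data in the shape of the list above, and the weighting of "stable" attributes and the 0.9 threshold are assumptions, not a documented algorithm of any vendor.

```python
import hashlib
import json

# Attributes that rarely change across sessions (assumed to be weighted double below).
STABLE_KEYS = {"platform", "cpu_cores", "memory_gb", "webgl_renderer",
               "canvas_hash", "audio_hash", "fonts"}

# Constructed sample profile, mirroring the attribute list above (not real telemetry).
BASELINE = {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Sample/1.0",
    "accept": "text/html,application/xhtml+xml",
    "timezone": "Europe/Oslo",
    "timezone_offset": -60,
    "screen": "1920x1080x24",
    "fonts": ["DejaVu Sans", "Liberation Mono", "Noto Sans"],
    "cookies": True,
    "canvas_hash": "c0ffee01",
    "webgl_hash": "deadbeef",
    "webgl_renderer": "Sample GPU Renderer",
    "dnt": "1",
    "language": "en-US",
    "platform": "Linux x86_64",
    "touch": False,
    "ad_blocker": True,
    "audio_hash": "aud10",
    "cpu_cores": 8,
    "memory_gb": 8,
    "permissions": {"geolocation": "denied", "microphone": "prompt"},
}


def canonical(attrs: dict) -> str:
    """Deterministic serialisation so identical attributes always hash identically."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":"))


def fingerprint(attrs: dict) -> str:
    """Exact-match identifier: changing any single attribute changes the whole value."""
    return hashlib.sha256(canonical(attrs).encode()).hexdigest()


def differing_attributes(a: dict, b: dict) -> set:
    return {k for k in a.keys() | b.keys() if a.get(k) != b.get(k)}


def similarity(a: dict, b: dict) -> float:
    """Fraction of attributes that agree, stable attributes counting double."""
    keys = a.keys() | b.keys()
    total = sum(2 if k in STABLE_KEYS else 1 for k in keys)
    same = sum((2 if k in STABLE_KEYS else 1) for k in keys if a.get(k) == b.get(k))
    return same / total


def match_known(attrs: dict, known: dict, threshold: float = 0.9):
    """Return the id of the previously seen profile this visitor most likely is, or
    None. Fuzzy matching is what survives a cleared cookie jar and a new exit IP."""
    best_id, best_score = None, 0.0
    for pid, seen in known.items():
        score = similarity(attrs, seen)
        if score > best_score:
            best_id, best_score = pid, score
    return best_id if best_score >= threshold else None


if __name__ == "__main__":
    moved = dict(BASELINE, timezone="Europe/Kyiv")
    print(fingerprint(BASELINE) == fingerprint(moved))        # False: exact hash broke
    print(match_known(moved, {"visitor-1": BASELINE}))        # visitor-1: still recognised
```

The lesson is the one the text draws: changing one attribute defeats the exact hash, but the fuzzy match still recognises the profile, so a coherent identity needs the whole attribute set (time zone, language, platform, screen) to agree with the legend, not just a fresh cookie jar.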


Here are some services you can use to check your browser fingerprint:
• https://coveryourtracks.eff.org/
• https://amiunique.org
• https://browserleaks.com/


Chances are you will find your browser fingerprint unique no matter what you do. 


Human interaction:

Some platforms will add this as a bonus step and require you to have an actual human interaction with a customer care representative. Usually by e-mail but sometimes by chat/phone. They will want to verify that you exist by asking you to reply to an e-mail/chat/phone call.


It is annoying but quite easy to deal with in our case. We are not making bots. This guide is for humans making 
human accounts. 


User Moderation: 
Many platforms will delegate and rely on their users to moderate the others and their content. These are the 
“report” features that you will find on most platforms. 


Getting reported thousands of times does not matter when you are Donald Trump or Kim Kardashian, but if you as a sole "friendless" anonymous user get reported even once, you might get suspended/flagged/banned instantly.


Behavioral Analysis:
See Your Digital Fingerprint, Footprint, and Online Behavior.


Financial transactions:

Simple and efficient, some platforms will require you to perform a financial transaction to verify your account, sometimes under the pretext of verifying your age. This could be a credit card verification or an exceedingly small amount payment. Some will even accept a donation in a main cryptocurrency like Bitcoin or Ethereum, indirectly relying on third-party financial KYC regulations.


383 Google, Guidance to developers affected by our effort to block less secure browsers and applications https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html [Archive.org]


This is for instance now the case on YouTube for some European Users[384] but is also used by services like Amazon that require a valid payment method for creating an account.


(Screenshot: "Verify your age" prompt)
Sign-in with some platform: 
Why do this user-verification ourselves when we can just ask others to deal with it? 


You will notice this, and you probably already encountered this. Some apps/platforms will ask/require you to sign in 
with a well-known and well-used reputable platform instead of their own system (Sign-in with 
Google/Facebook/Apple/Twitter). 


This option is often presented as the "default one", hiding away the "Sign-in with e-mail and password" with clever Dark Patterns[385], and using that is sometimes needed.


This method delegates the verification process to those platforms, on the assumption that you will not be able to create an anonymous Google/Facebook/Apple/Twitter account with ease.


Fortunately, it is still possible to this day to create those. 


Live Face recognition and biometrics (again):
This is a common method used on some Crypto trading platforms and some dating apps.


Some platforms/apps will require you to take a live picture of yourself either doing something (a wink, holding an 
arm up ...) or showing a custom piece of information (a handwritten text, a passport, or ID) within the picture. 
Sometimes the platform/app will require several pictures to increase their certainty. 


384 Google Help, Access age-restricted content & features https://support.google.com/accounts/answer/10071085 [Archive.org]
385 Wikipedia, Dark Pattern https://en.wikipedia.org/wiki/Dark_pattern [Wikiless] [Archive.org]

(Screenshot: "Do these pics match?" prompt)

This guide will not cover this one (yet) as it is mainly used on financial platforms (that will be able to identify you with other means anyway) and some dating apps like Tinder[386]. Unfortunately, this method is now also sometimes being used on Facebook[387] and Instagram as part of their verification methods (although I did not face it yet).





(Screenshots: video selfie verification prompts: "Tips for Video Selfie", "Position your face in the circle", "Take a Video Selfie", "Hold Your Phone at Eye Level", "Follow the On-Screen Instructions", "Video Selfie Complete")

In some cases, these verifications must be done from your Smartphone and with an “in-app” camera to prevent you 
from sending a previously saved (edited) image. 





Recently even platforms such as PornHub decided to implement similar measures in the future[388].


386 The Verge, Tinder will give you a verified blue check mark if you pass its catfishing test https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight [Archive.org]

387 DigitalInformationWorld, Facebook will now require you to Create a Video Selfie for Identity Verification https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html [Archive.org]

388 Vice.com, PornHub Announces 'Biometric Technology' to Verify Users https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id [Archive.org]




This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use "deep fake" technology software such as the open-source FaceSwap https://github.com/deepfakes/faceswap [Archive.org] to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo).


Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, we will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project https://github.com/iperov/DeepFaceLive [Archive.org].


Manual reviews:
These can be triggered by any of the above and just mean someone (usually specialized employees) will review your profile manually and decide whether it is real or not based on their subjective opinion.


Some countries have even developed hotlines where you can report any subversive content[389].
Pros: Usually that verdict is "final", and you will probably avoid further issues if you are good.


Cons: Usually that verdict is "final", and you will probably be banned without any appeal possibility if you are not good. Sometimes those reviews end up with the platform just ghosting you and cancelling you without any reason whatsoever. Any appeal will be left unanswered, ignored, or will generate some random dark pattern bug when trying to appeal that specific identity (this happens on Instagram for instance, where if your account gets "suspended", obviously by some manual review, trying to complete the appeal form will just throw an error and tell you to try again later; I have been trying this same appeal for that identity for the past 6 months at least).


Getting Online:
Now that you have a basic understanding of all the ways you can be de-anonymized, tracked, and verified, let us get started at evading these while staying anonymous. Remember:
• You cannot trust ISPs
• You cannot trust VPS providers
• You cannot trust public Wi-Fi providers
• You cannot trust Mobile Network providers
• You cannot trust VPN providers
• You cannot trust any Online Platform
• You cannot trust Tor
• You cannot trust your Operating System
• You cannot trust your Laptop
• You cannot trust your Smartphone (especially Android)
• You cannot trust your Smart devices
• Above all, you cannot trust people


So what? Well, instead of not trusting anyone or anything, I would advise to "Trust but verify"[390] (or "Never trust, always verify" if you are more hardcore about it and want to apply Zero-Trust Security[391]) instead.


Do not start this process unless:
• You consulted your local law for compliance and the legality of your actions.
• You are aware of your threat model.
• You are in a safe place with public Wi-Fi without your smartphone or any other smart device on you, and preferably in a place without CCTV filming you (remember to Find some safe places with decent public Wi-Fi and Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance).


389 Variety, China Launches Hotline to Report Online Comments That 'Distort' History or 'Deny' Its Cultural Excellence https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/ [Archive.org]

390 Wikipedia, Trust but verify https://en.wikipedia.org/wiki/Trust,_but_verify [Wikiless] [Archive.org]

391 Wikipedia, Zero-trust Security Model https://en.wikipedia.org/wiki/Zero_trust_security_model [Wikiless] [Archive.org]
• You are fully done and preparing one of the routes.

• Again, it is crucially important to understand that you will be unable to create most accounts without a valid phone number. Therefore, most of your anonymity on mainstream platforms depends on the anonymity of your online phone number and/or the burner phone with its pre-paid SIM card (if you use one). If your phone number is not anonymous or your burner phone can be traced back to you, then you can be de-anonymized. If you cannot get this anonymous phone number and/or a physical SIM with a Burner phone, then you will have to restrict yourself to platforms not asking for phone number verification.


Remember to see Appendix N: Warning about smartphones and smart devices 


Creating new identities:
This is the fun part where you will now create your identities from thin air. These identities do not exist but should be plausible and look "organic". They should ideally have a story, a "legend" (yes, this is the real term for this[392]).


What is a legend? Well, it is a full back-story for your character: 


• Age
• Sex
• Gender
• Ethnicity
• Place of Birth and date of Birth
• Place of residence
• Country of origin
• Visited Countries (for travels for instance)
• Interests and hobbies
• Education History
• Work experience
• Health information
• Religion if any
• Goals
• Family history
• Family composition (children and spouse/husband?)
• Relationship Status if any (Married? Single?)
• Spoken Languages
• Personality traits (Introvert, Extrovert ...)


All these should be crafted carefully for every single identity, and you should be incredibly careful to stick to the 
details of each legend when using those identities. Nothing can leak that could lead to your real persona. Nothing 
could leak that could compromise the consistency of your legend. Everything should always be consistent. 


Tools that can help with this: 


e https://www.fakenamegenerator.com/ 
e https://thispersondoesnotexist.com/ 


Now you could also consider getting an online phone number as explained in the Online Phone Number (less recommended) section.


I will help you a bit by listing a few tips I learned while researching over the years (disclaimer: this is based on my individual experiences alone):


392 Wikipedia, Espionage, Organization https://en.wikipedia.org/wiki/Espionage#Organization [Wikiless] [Archive.org]
• "Some animals are more equal than others".

  ◦ Ethnicity is important and you will have fewer issues and attract less attention from verification algorithms if your identity is Caucasian/East-Asian than if it is Arabic/Black (yes, I tested this extensively and it is definitely an issue).

  ◦ Age is important and you will have fewer issues if you are young (18-22) than if you are middle-aged or older. Platforms seem to be more lenient in not imposing restrictions on new younger audiences.

  ◦ Sex/Gender is important, and you will have fewer issues if you are a female than if you are a male.

  ◦ Country of origin is important, and you will have fewer issues if your identity is Norwegian than if it is Ukrainian, Nigerian, or Mexican.

  ◦ Country of residence is important, and you will have fewer issues if your identity has its residence in Oslo or Paris than if you decide to live in Kyiv or Cairo.

  ◦ Language is important, and you will have fewer issues if you speak English or the language of your country of residence than if you use a non-native language. Do not make a Norwegian female that speaks Ukrainian or Arabic.

Identities that are “EU residents” with an “EU IP” (VPN/Tor Exit IP) will benefit from GDPR protections on many platforms. Others will not. GDPR is your friend in most cases, and you should take this into account. Similarly, origin IP geolocation (your IP/location when you go to “whatsmyipaddress.com”) should match your identity location as much as possible (when using a VPN over Tor, you can pick this in the VPN client; if you use Tor Browser or a Brave Tor tab, just create a new identity or open a new tab until you get an appropriate Exit node, or configure Tor to restrict your Exit Nodes). Consider excluding any exit IP that is not located in Western Europe/US/Canada/Japan/South Korea/Australia/New Zealand as you will have fewer issues. Ideally, you should get a European Union IP to get additional GDPR protections and, if possible, a German exit IP due to their legal stance on using anonymous accounts on online platforms.

Brave Browser (Chromium-based) with a Private Tor Tab has (IMHO) a better acceptance level than Tor Browser (Firefox based). You will experience fewer issues with captchas and online platforms if you use Brave than if you use Tor Browser (feel free to try this yourself). Keep the trade-off in mind: a Brave Tor tab only routes the connection through Tor and does not give you Tor Browser's anti-fingerprinting protections, so it is a sign-up convenience, not a replacement for Tor Browser.

For every identity, you should have a matching profile picture associated with it. For this purpose, I recommend you just go to https://thispersondoesnotexist.com/ [Archive.org] and generate a computer-generated profile picture (do note that algorithms have been developed³⁹³ ³⁹⁴ to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGAN2 project here https://github.com/NVlabs/stylegan2 [Archive.org]. Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, but I do not have an “easy way” of doing that yet.

o Bonus, you could also make it more real by using this service (with an anonymous identity) https://www.myheritage.com/deep-nostalgia [Archive.org] to make a picture more lifelike. Here is an example:

= Original: (image not reproduced here)
393 Kyle McDonald, Medium, How to recognize fake AI-generated images https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842 [Archive.org]

394 Jayway Blog, Using ML to detect fake face images created by AI https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/ [Archive.org]





o Result (see Online because PDFs do not work well with embedded media): 
=  https://anonymousplanet.github.io/thgtoa/media/after. gif 
= https://mirror.anonymousplanet.github.io/thgtoa/media/after.gif 
=  http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydizkqd.onion/media/after.gif 
=" Archive.today: https://archive.fo/FB80V 
= Archive.today over Tor: https://archivecaslytosk.onion/FB80V 


A slight issue though: MyHeritage.com bans Tor Exit nodes, so you might again have to consider VPN over Tor for this.


You could also achieve the same result without using MyHeritage and by doing it yourself using for example https://github.com/AliaksandrSiarohin/first-order-model [Archive.org], but this will require more manual operations (and requires an NVIDIA GPU). Other commercial products will soon be available such as https://www.d-id.com/talkingheads/ [Archive.org], with examples here: https://www.youtube.com/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos [Invidious]


Note: If you make several pictures of the same identity using some of the tools mentioned above, be sure to compare them with the Microsoft Azure Face Verification tool at https://azure.microsoft.com/en-us/services/cognitive-services/face/#demo to check that they are recognized as the same person.


e Create in advance and store in KeePassXC each identity details that should include some crafted details as 
mentioned earlier. 

e Do not pick an occupation at a well-known private corporation/company as they have people in their HR departments monitoring activities on platforms such as LinkedIn, and they will report your profile as fake if it does not match their database. Instead, pick an occupation as a freelancer or at a large public institution where you will face less scrutiny due to their decentralized nature.

e Keep track (write down) of the background stories of your Identities. You should always use the same dates 
and answers everywhere. Everything should always match up. Even the stories you tell about your imaginary 
life should always match. If you say you work as an intern at the Department of Health one day and later on 
another platform, say you work as an intern at the Department of Transportation, people might question 
your identity. Be consistent. 
e Use a different phone number for each identity. Online platforms do keep track of phone number usage and if one identity/number gets flagged for violating Community Guidelines or Terms of Service, the other identities using the same number might get flagged/banned as well.

e Adapt your language/writing to the identity to not raise suspicions and lower your chances of being 
fingerprinted by online platforms. Be especially careful with using pedantic words and figures of 
speech/quotes that could allow some people to guess your writing is very similar to that person with this 
Twitter handle or this Reddit user. See Appendix A4: Counteracting Forensic Linguistics. 

e Always use TOTP 2FA (not SMS, to prevent SIM swapping attacks³⁹⁵ and to keep your identity working when your pre-paid card expires) using KeePassXC when available to secure your logins to various platforms.

e Remember Appendix A2: Guidelines for passwords and passphrases. 


Here is also a good guide on this specific topic: https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#.22Real.22_names [Archive.org]


Note: If you are having trouble finding an exit node in the country of your choice, you can force specific countries for Exit Nodes (and therefore exit countries) on Tor by editing the torrc file on the Whonix Gateway or even in Tor Browser:

e Whonix Gateway: Create/Edit the file /usr/local/etc/torrc.d/50_user.conf³⁹⁶ (Tails does not use this path and its Tor configuration does not persist across reboots).


e On Tor Browser: Edit the torrc file located at Browser/TorBrowser/Data/Tor/torrc³⁹⁷ inside the Tor Browser directory.


Once you are in the file, you can do the following:
e Restrict the Exit Nodes to specific countries by adding these lines (which will restrict your exit nodes to Switzerland/Russia/Ukraine; note that {CH} is Switzerland, China would be {CN}):
o ExitNodes {CH},{RU},{UA}
o StrictNodes 1
e Exclude specific Exit Nodes by adding this line (which will exclude all Exit Nodes from France/Germany/USA/UK; Tor uses ISO 3166-1 alpha-2 codes, so the United Kingdom is {GB}, not {UK}):
o ExcludeNodes {FR},{DE},{US},{GB}
o Note that ExcludeNodes bars these countries from every position of your circuits (guard, middle and exit); use ExcludeExitNodes instead if you only want to avoid exiting there. StrictNodes 1 makes the ExcludeNodes entries a hard requirement even when that breaks functionality; it does not apply to ExitNodes, which Tor already honours for exit positions.


Write the country codes in uppercase inside curly braces, as shown.


Please note that restricting Onion Routing this way could limit your anonymity if you are too restrictive. You can see a visualized list of available Exit Nodes here: https://www.bigdatacloud.com/insights/tor-exit-nodes [Archive.org]


Here is the list of possibilities (this is a general list and many of those countries might not have Exit nodes at all): 
https://web.archive.org/web/https://b3rn3d.herokuapp.com/blog/2014/03/05/tor-country-codes/ 
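As an added example (not from the guide or from the Tor project), the following Python script lints a torrc fragment of the kind shown above before you hand it to Tor: it flags country codes Tor will not match (such as {UK}), warns when ExcludeNodes is used where only exits were meant or without StrictNodes 1, and rewrites the codes into uppercase ISO form. The alias table and the sample fragment are constructed for the example; the option semantics follow the Tor manual.

```python
"""Lint a torrc fragment that restricts Tor exit countries (added example).

Editorial example code, not part of the guide or of Tor. It parses the
ExitNodes / ExcludeNodes / ExcludeExitNodes / StrictNodes lines discussed above
and flags the mistakes that silently weaken or over-widen the restriction. The
alias table and the sample fragment are constructed for the example.
"""
import re

# Tor matches ISO 3166-1 alpha-2 codes in braces. Codes people type that Tor
# will not match (assumed, small table for the example):
ALIASES = {"UK": "GB", "EN": "GB"}
NOT_A_COUNTRY = {"EU"}            # a region, not a single ISO code
NODE_OPTIONS = ("ExitNodes", "ExcludeNodes", "ExcludeExitNodes")
CODE_RE = re.compile(r"\{([A-Za-z?]{2})\}")


def parse_torrc(text):
    """Map each option name to the list of values given for it, ignoring comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        options.setdefault(key, []).append(value.strip())
    return options


def lint_torrc(text):
    """Return human-readable warnings for a torrc fragment; an empty list means clean."""
    options = parse_torrc(text)
    warnings = []
    for option in NODE_OPTIONS:
        for value in options.get(option, []):
            for code in (c.upper() for c in CODE_RE.findall(value)):
                if code in ALIASES:
                    warnings.append(f"{option}: {{{code}}} is not an ISO code and Tor will not match it; use {{{ALIASES[code]}}}")
                elif code in NOT_A_COUNTRY:
                    warnings.append(f"{option}: {{{code}}} is not a country; list the member states instead")
    if "ExcludeNodes" in options:
        # ExcludeNodes applies to guard and middle positions too; only exits may be intended.
        warnings.append("ExcludeNodes also bans these countries as guard and middle relays; use ExcludeExitNodes if you only mean exits")
        # Per the Tor manual, StrictNodes 1 is what makes ExcludeNodes a hard requirement.
        if options.get("StrictNodes", ["0"])[-1] != "1":
            warnings.append("ExcludeNodes without 'StrictNodes 1': Tor may still use excluded relays when it has no alternative")
    return warnings


def normalize_torrc(text):
    """Rewrite country codes on node-selection lines to upper-case ISO form."""
    def fix(match):
        code = match.group(1).upper()
        return "{" + ALIASES.get(code, code) + "}"
    fixed = []
    for raw in text.splitlines():
        key = raw.strip().split(" ", 1)[0]
        fixed.append(CODE_RE.sub(fix, raw) if key in NODE_OPTIONS else raw)
    return "\n".join(fixed)


# Constructed sample: the fragment from the guide, with two common slips ({us}, {UK}).
SAMPLE_TORRC = """\
# restrict exits to Switzerland/Russia/Ukraine ({CH} is Switzerland, not China)
ExitNodes {CH},{RU},{UA}
StrictNodes 1
# keep exits out of France/Germany/USA/UK
ExcludeNodes {FR},{DE},{us},{UK}
"""

if __name__ == "__main__":
    for warning in lint_torrc(SAMPLE_TORRC):
        print("warning:", warning)
    print(normalize_torrc(SAMPLE_TORRC))
```

Run it against your own 50_user.conf or Tor Browser torrc before restarting Tor; a typo in a country code does not produce an error, it just produces no restriction.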


Checking if your Tor Exit Node is terrible:
Skip this if you are using a VPN/Proxy over Tor (though you can also do the same checks with a VPN exit node if you want).


Not all Tor Exit nodes are equal. This is mostly due to what type of “exit policy” their operator applies to them. 


Some Tor Exit nodes are seen as more or less “clean” and will only show up in the Tor Exit node lists. Some other Tor Exit nodes are seen as “dirty” and will show up in dozens of various blocklists. So how do you know if you are on a clean one or a bad one? It is not that simple.


If you are using Tor Browser (on Tails or on the Host/Guest OS, but not on the Whonix Workstation):
e Go to the target website you want to sign up for in a first tab
e Click the “lock” icon in the URL bar to open the circuit display
e Look at the third relay (the Exit IP) used in that tab for that website
e Open a second tab and go to https://mxtoolbox.com/blacklists.aspx
e Put the Exit IP from the first tab in the search box


395 Wikipedia, SIM swap scam https://en.wikipedia.org/wiki/SIM_swap_scam [Wikiless] [Archive.org]
396 Whonix Documentation, https://www.whonix.org/wiki/Tor#Edit_Tor_Configuration [Archive.org]
397 Tor Browser Documentation, https://support.torproject.org/tbb/tbb-editing-torrc/ [Archive.org]
e Check the number of blocklists the Tor Exit node is in. Ideally, it should only be in two:
o DAN TOR
o DAN TOREXIT
o If it is in other lists, you might run into issues
e If the Exit Node is “clean” (in few lists), go back to the first tab and try to sign up on the site.


If you are using Tor Browser on the Whonix Workstation:

e Open Tor Browser
e Open the first tab and navigate to a site revealing your IP like https://browserleaks.com/ip
e Open a second tab and go to https://mxtoolbox.com/blacklists.aspx
e Put the Exit IP from the first tab in the search box
e Check the number of blocklists the Tor Exit node is in. Ideally, it should only be in two:
o DAN TOR
o DAN TOREXIT
o If it is in other lists, you might run into issues
e If the Exit Node is “clean” (in few lists), go back to the first tab and open the site you want to try to sign up for.


If you are using another browser (not Tor Browser) in a non-Whonix guest VM behind the Whonix Gateway:

e Open your browser of choice
e Open the first tab and navigate to a site revealing your IP like https://browserleaks.com/ip
e Open a second tab and go to https://mxtoolbox.com/blacklists.aspx
e Put the Exit IP from the first tab in the search box
e Check the number of blocklists the Tor Exit node is in. Ideally, it should only be in two:
o DAN TOR
o DAN TOREXIT
o If it is in other lists, you might run into issues
e If the Exit Node is “clean” (in few lists), go back to the first tab and open the site you want to try to sign up for.
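The MXToolbox form in the three procedures above does a DNS blocklist (DNSBL) lookup; the following is an added example of that lookup in Python, not code from the guide or from MXToolbox. It assumes the zone names tor.dan.me.uk and torexit.dan.me.uk for the two “DAN” lists and uses a placeholder zone for any other list; the sample answers are constructed so the classification runs offline.

```python
"""Check an exit IP against DNS blocklists the way MXToolbox does (added example).

Editorial example code, not from the guide. A DNSBL lookup reverses the IPv4
octets, appends the blocklist zone and resolves an A record: an answer inside
127.0.0.0/8 means "listed", NXDOMAIN means "not listed". The dan.me.uk zones are
assumed to be the ones behind the "DAN TOR" / "DAN TOREXIT" entries; the third
zone is a placeholder for any ordinary spam/abuse list. The resolver is
injectable so the logic can be exercised offline with constructed answers.
"""
import ipaddress
import socket

# Lists a Tor exit is expected to be on (assumed zone names for the example).
TOR_ONLY_ZONES = {
    "tor.dan.me.uk": "DAN TOR",
    "torexit.dan.me.uk": "DAN TOREXIT",
}
# Any hit here marks the exit as "dirty". Placeholder zone; substitute real ones.
OTHER_ZONES = {
    "dnsbl.example.invalid": "EXAMPLE ABUSE LIST",
}
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def query_name(ip, zone):
    """Build the DNSBL query name: octets reversed, then the zone (IPv4 only)."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Live lookup: the A record as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_exit(ip, resolver=system_resolver):
    """Return {list label: answer} for every blocklist that reports the IP."""
    listed = {}
    for zone, label in {**TOR_ONLY_ZONES, **OTHER_ZONES}.items():
        answer = resolver(query_name(ip, zone))
        if answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            listed[label] = answer
    return listed


def classify_exit(listed):
    """'clean' when only the Tor-specific lists hit, 'dirty' when anything else does."""
    if not listed:
        return "not listed"
    extra = set(listed) - set(TOR_ONLY_ZONES.values())
    return "dirty" if extra else "clean"


# Constructed sample answers (documentation-range IPs, not real relays):
# 198.51.100.7 is a "clean" exit, 203.0.113.9 a "dirty" one, 192.0.2.1 unlisted.
SAMPLE_ANSWERS = {
    query_name("198.51.100.7", "tor.dan.me.uk"): "127.0.0.100",
    query_name("198.51.100.7", "torexit.dan.me.uk"): "127.0.0.100",
    query_name("203.0.113.9", "tor.dan.me.uk"): "127.0.0.100",
    query_name("203.0.113.9", "torexit.dan.me.uk"): "127.0.0.100",
    query_name("203.0.113.9", "dnsbl.example.invalid"): "127.0.0.2",
}


def sample_resolver(name):
    """Offline stand-in for system_resolver, answering only from SAMPLE_ANSWERS."""
    return SAMPLE_ANSWERS.get(name)


if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.9", "192.0.2.1"):
        hits = check_exit(ip, sample_resolver)
        print(ip, classify_exit(hits), sorted(hits))
```

With the live resolver, run it from the same VM so the DNS queries also go through Tor, and treat a None answer as “no answer” rather than proof of a clean exit: blocklist operators rate-limit or refuse queries from public resolvers, and a refused query looks the same as NXDOMAIN here.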


The Real-Name System: 

Unfortunately, not using your real identity is against the ToS (Terms of Service) of many services (especially those owned by Microsoft and Facebook). But don't despair: as explained in the Requirements, it is still legal in Germany, where the courts have upheld the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007). Fortunately, ToS cannot override laws (yet).


This does not mean that it is illegal in other places but that it might be a breach of their Terms of Services if you do 
not have the law on your side. Remember this guide only endorses this for German users residing in Germany. 


On my side, I strongly condemn this type of real-name policy. See for instance this Wikipedia article giving some examples: https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy [Wikiless] [Archive.org]


Here are some more references about the German case for reference: 


https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html [Archive.org]
https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules [Archive.org]
https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal [Archive.org]
https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf [Archive.org]
https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI [Archive.org]
Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and I am not a lawyer. Do this at your own risk.


Other countries where this was ruled illegal: 
e South Korea (see https://en.wikipedia.org/wiki/Real-name_system#South_Korea Wikiless] [Archive.org]) 
e If you know any other, please let me know with references in the GitHub issues. 


Some platforms are bypassing this requirement altogether by requiring a valid payment method instead (see Financial transactions). While this does not directly require a real name through their ToS, it has the same result, as they usually only accept mainstream (not Monero/cash) payment methods (such as Visa/MasterCard/Maestro or PayPal), which are legally required to collect a real name as part of KYC regulations. The result is the same and, from the platform's point of view, even more effective than a simple real-name policy you could ignore in some countries such as Germany.


About paid services: 
If you intend to use paid services, prefer those accepting cash or Monero payments, which you can make directly and safely while keeping your anonymity.


If the service you intend to buy does not accept those but accepts Bitcoin (BTC), consider the following appendix: 
Appendix Z: Paying anonymously online with BTC (or any other cryptocurrency). 


Overview: 
This section will show you an overview of the current various requirements on some platforms: 
e Consider using the recommended tools on https://privacyguides.org [Archive.org] for better privacy instead of the usual mainstream ones.
e Consider using the recommended tools on https://www.whonix.org/wiki/Documentation [Archive.org] as well instead of the usual mainstream ones, such as e-mail providers: https://www.whonix.org/wiki/E-Mail#Anonymity_Friendly_Email_Provider_List [Archive.org]


The following overview does not mention the privacy practices of those platforms but only their requirements for registering an account. If you want to use privacy-aware tools and platforms, head on to https://privacyguides.org [Archive.org]


Legend: 
e “Unclear”: Unable to determine due to lack of information or conflicting information.
e “Maybe”: It did happen ina minority of my tests. 
e “Likely”: It did happen in most of my tests. 
e “Yes” or “No”: This either happened or never happened systematically in all my tests. 
e “Easy”: The overall experience was straightforward with little to no obstacles. 
e “Medium”: The overall experience has some obstacles, but it is still doable without too much hassle. 
e “Hard”: The overall experience is a painful struggle with many obstacles. 
e “N/A”: Not Applicable because it was not possible to test within the context of this guide 
e “Indirectly”: This means they do require something but indirectly through a third-party system (Financial KYC 
for example). 


[Table: sign-up requirements per service. Columns: Service | Against ToS | Requires Phone | Requires E-Mail | VPN Sign-up | ID or Financial Checks | Facial Checks | Manual Checks | Overall difficulty. Services covered: Amazon, Apple, Binance, Briar, Discord, Element, Facebook, GitHub, GitLab, Kraken, LinkedIn, MailFence, Medium, Microsoft, Mullvad, Onionshare, Reddit, Telegram, Tutanota, Twitch, Twitter and 4chan. Only a few cells survived legibly: Amazon (Against ToS: Unclear), Kraken and LinkedIn (Against ToS: Yes*), Telegram (Overall difficulty: Easy), Twitter (Medium), Tutanota and 4chan (Hard). The per-service sections below give the details for each platform.]
* See The Real-Name System for essential information. See below for details. 
Amazon: 
e Is this against their ToS? Not directly, but effectively yes (see their terms quoted below)


“1, Amazon Services, Amazon Software 


A. Use of Amazon Services on a Product. To use certain Amazon Services on a Product, you must have your own 
Amazon.com account, be logged in to your account on the Product, and have a valid payment method associated 
with your account. “ 


While it does not technically require a real name, it does require a valid payment method. Unfortunately, it will not accept “cash” or “Monero” as a payment method. So instead, they are relying on financial KYC (where a real-name policy is pretty much enforced everywhere).

e Will they require a phone number? Yes, but see below 

e Can you create accounts through Tor? Yes, but see below 


Because of this valid payment method requirement, I could not test this. While this is seemingly not against their ToS, it is not possible within the context of this guide unless you manage to obtain a valid KYC payment method anonymously, which AFAIK is pretty much impossible or extremely difficult.


So, AFAIK, it is not possible to create an anonymous Amazon account.


Apple: 
e Is this against their ToS? Yes https://www.apple.com/legal/internet-services/icloud/en/terms.html [Archive.org]


“IV. Your Use of the Service
A. Your Account


In order to use the Service, you must enter your Apple ID and password to authenticate your Account. You agree to 
provide accurate and complete information when you register with, and as you use, the Service (“Service 
Registration Data”), and you agree to update your Service Registration Data to keep it accurate and complete”. 

e Will they require a phone number? Yes 

e Can you create accounts through Tor? Yes 


Note that this account will not allow you to set up an Apple mail account. For that, you will need an Apple device. 


Binance: 
e Is this against their ToS? Yes https://www.binance.com/en/terms [Archive.org]
e Will they require a phone number? No, they do require an e-mail
e Can you create accounts through Tor? Yes


Briar:
e Is this against their ToS? No https://briarproject.org/privacy-policy/ [Archive.org]
e Will they require a phone number? No, they do not even require an e-mail 
e Can you create accounts through Tor? Yes 


Discord: 
e Is this against their ToS? No https://discord.com/terms [Archive.org]
e Will they require a phone number? No, but they do require an e-mail
e Can you create accounts through Tor? I had no issues with that so far using the Desktop Client


You might encounter more issues using the Web Client (Captchas). Especially with Tor Browser. 


I suggest using the Discord client app in a VM through Tor or ideally through VPN/Proxy over Tor to mitigate such issues.


Element: 
e Is this against their ToS? No https://element.io/terms-of-service [Archive.org]
e Will they require a phone number? No, they do not even require an e-mail 
e Can you create accounts through Tor? Yes 


Expect some Captchas during account creation on some homeservers. 


Facebook:
e Is this against their ToS? Yes https://www.facebook.com/terms.php [Archive.org]


“Who can use Facebook


When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must:
e Use the same name that you use in everyday life.
e Provide accurate information about yourself.”
e Will they require a phone number? Yes, and probably more later
e Can you create accounts through Tor? Yes, but it is very difficult and their onion address³⁹⁸ will not help. In most cases, you'll just have a random error at sign-up and your account suspended after sign-in.


But this clause of their ToS is illegal in Germany (see Requirements). 


Facebook is one of the most aggressive platforms with identity verification and is pushing hard their “real name 
policy”. It is why this guide is only advised to German residents. 


Over my tests though I was able to pinpoint a few tips:
e It will be easier if you have an Instagram account first.
398 Facebook Onion Website http://facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/
e Signing up through Tor is almost impossible (even using their .onion address, which is a joke) and will only succeed if you are “very lucky” (I assume if you are using an exit node that is not yet known by Facebook verification systems). In most cases, it will not allow registration at all and will just fail with “An error has occurred during registration”.

e Signing up through VPNs is more likely to succeed but might still result in the same error. So, you must be 
ready for a lot of trial and error here. 

e Signing up through a Self-Hosted VPN/Proxy is your best bet but make sure your profile/identity matches the 
IP geolocation. 

e As mentioned earlier in the guide about the Orwellian quote from Animal Farm, it is in full effect on Facebook. You will experience huge variation in acceptance depending on age/sex/ethnicity/nationality/... This is where you will have far fewer issues if you are making an account of a young European Caucasian female. You will almost certainly fail if you try making a middle-aged male, whereas my other accounts are still unsuspended/unbanned to this day.

e Logging in (after you sign up) however works fine with VPN and Tor but might still trigger an account suspension for violating Community Guidelines or Terms of Service (despite you not using the account at all for anything else than signing up/logging in). Ideally, you should log back in with the same IP from a self-hosted VPN/Proxy.


I also suspect strongly, based on my tests, that the following points have an impact on your likelihood of being suspended over time:

e Not having friends 

e Not having interests and an “organic activity” 

e Not being in the contacts of any other user 

e Not being on other platforms (such as Instagram/WhatsApp)

e Restricting your profile privacy settings too soon after signing-up 


If your account gets suspended, you will need to appeal the decision through a quite simple form that will require you to submit a “proof of ID”. However, that proof of ID verification system is more lenient than LinkedIn's and will allow you to send various documents which require far less Photoshop skills.


It is also possible that they ask you to take a selfie video or picture making certain gestures to prove your identity. If that is the case, I am afraid it is a dead end for now unless you use a deepfake face-swapping technique.


If you do file an appeal, you will have to wait for Facebook to review it (I do not know whether this is automatic or human) and you will have to wait and hope for them to unsuspend your account.


GitHub: 
e Is this against their ToS? No https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service [Archive.org]
e Will they require a phone number? Nope, all good
e Can you create accounts through Tor? Yes, but expect some captchas


GitHub is straightforward and requires no phone number. 


Be sure to go into Settings > Emails and enable “Keep my email addresses private” as well as “Block command line pushes that expose my email”, so that no commit or push reveals your e-mail.


GitLab: 
e Is this against their ToS? No https://about.gitlab.com/handbook/legal/subscription-agreement/ [Archive.org]
e Will they require a phone number? Nope, all good
e Can you create accounts through Tor? Yes, but expect captchas


GitLab is straightforward and requires no phone number.


Google: 
e Is this against their ToS? No https://policies.google.com/terms [Archive.org]
e Will they require a phone number? Yes, they will. There is no escape here.
e Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required


ProtonMail is good ... but to appear less suspicious, it is simply better to also have a mainstream Google Mail 
account. 


Like ProtonMail, Google will also most likely require a phone number during sign-up as part of their verification process. However, contrary to ProtonMail, Google will store that phone number during the sign-up process and will also limit the number of accounts that can be created using the same phone number.


From my experience during my research, this count is limited to three accounts/phone numbers. If you are unlucky 
with your number (if it was previously used by another mobile user), it might be less. 


You should therefore again use your online phone number or your burner phone and pre-paid SIM card to create the account. Do not forget to use the identity details you made up earlier (birthdate). When the account is created, please do take some time to do the following:

e (Trick) Log into Google Mail and Go into the Gmail Settings > Go into the mail Forwarding options > Set up a 
mail forwarding to your ProtonMail Address > Verify (using ProtonMail) > Go back to Gmail and set the 
forwarding to forward and delete Google copy > Save. This step will allow you to check your Google Mail 
using ProtonMail instead and will allow you to avoid triggering Google Security checks by Logging in from 
various VPN/Tor exit IP addresses in the future while storing your sensitive e-mail at ProtonMail instead. This 
trick will allow you to receive all the e-mails from your Gmail address on your ProtonMail (or other) address 
without needing to login into your Google account (reducing risks of it being suspended, especially if you use 
Tor). 

e Enable 2FA within the Google account settings. First, you will have to enable 2FA using the phone number. 
Then you will see the option appear to enable 2FA using an Authenticator app. Use that option and set it up 
with a new KeePassXC TOTP entry. When it is done, remove the phone 2FA from the Google account. This 
will prevent someone from using that phone number in the future (when you do not have it anymore) to 
recover/gain access to that account. 

e Add ProtonMail as a recovery e-mail address for the account. 

e Remove the phone number from the account details as a recovery option. 

e Upload a Google profile picture you made earlier during the identity creation step. 

e Review the Google Privacy settings to disable as much as you can: 

o Activity logging 
o YouTube 
o Location history and anything else you can (you will not use any of it anyway; you will use ProtonMail to check your Gmail)


Keep in mind that there are different algorithms in place to check for weird activity. If you receive any mail (on 
ProtonMail) prompting about a Google Security Warning. Click it and click the button to say, “Yes it was me”. It 
helps. 


Do not use that account for “sign-up with Google” anywhere unless necessary. 


Be extremely careful if you decide to use the account for Google activities (such as Google Maps reviews or YouTube 
Comments) as those can easily trigger some checks (Negative reviews, Comments breaking Community Guidelines 
on YouTube). 


If your account gets suspended⁴⁰¹ (this can happen on sign-up, after signing up or after using it in some Google services), you can still get it unsuspended by submitting⁴⁰² an appeal/verification (which will again require your phone number and possibly an e-mail contact with Google support with the reason). Suspension of the account does not disable the e-mail forwarding, but the suspended account will be deleted after a while.


399 Google Help https://support.google.com/accounts/answer/114129?hl=en [Archive.org]
400 Google Help https://support.google.com/google-ads/answer/7474263?hl=en [Archive.org]
401 Google, Your account is disabled https://support.google.com/accounts/answer/40695 [Archive.org]
402 Google, Request to restore the account https://support.google.com/accounts/contact/disabled2 [Archive.org]


After suspension, if your Google account is restored, you should be fine. 


If your account gets banned, there is no appeal and the forwarding will be disabled too. Your phone number will be burned with it, so be careful about losing them; they are precious.

HackerNews:
e Is this against their ToS? No https://www.ycombinator.com/legal/#tou [Archive.org]
e Will they require a phone number? No, they do not even require an e-mail 
e Can you create accounts through Tor? Yes 


Instagram:
e Is this against their ToS? Maybe? I am not sure https://help.instagram.com/581066165581870?ref=dp [Archive.org]


“You can't impersonate others or provide inaccurate information. You do not have to disclose your identity on 
Instagram, but you must provide us with accurate and up-to-date information (including registration information). 
Also, you may not impersonate someone you are not, and you can't create an account for someone else unless 
you have their express permission”. 


This one is a bit of an oxymoron, don't you think? So, I am not sure whether it is allowed or not.
e Will they require a phone number? Maybe but less likely over VPN and very likely over Tor 
e Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be 
required 


It is also possible that they ask you to take a selfie video or picture making certain gestures to prove your identity (within the app or through an e-mail request). If that is the case, I am afraid it is a dead end for now.


It is no secret that Instagram is part of Facebook; however, it is more lenient than Facebook when it comes to user verification. It is quite unlikely you will get suspended or banned after signing up, and having the account can help you with Facebook.


For instance, | noticed that you will face fewer issues creating a Facebook account if you already have a valid 
Instagram account. You should always create an Instagram account before trying Facebook. 


Unfortunately, there are some limitations when using the web version of Instagram. For instance, you will not be able to enable Authenticator 2FA from the web, for a reason I do not understand.


After sign-up, do the following: 
e Upload a picture of your generated identity if you want. 
e Go into your Settings 
e Make the account private (initially at least) 
e Donot show activity status 
o Do not allow sharing


Jami:
e Is this against their ToS? No https://jami.net/privacy-policy/ [Archive.org]
e Will they require a phone number? No, they do not even require an e-mail
e Can you create accounts through Tor? No, it does not work for some technical reason


403 Google Help, Update your account to meet age requirements https://support.google.com/accounts/answer/1333913?hl=en [Archive.org]
iVPN:
e Is this against their ToS? No https://www.ivpn.net/tos/ [Archive.org]
e Will they require a phone number? No, they do not even require an e-mail 
e Can you create accounts through Tor? Yes 


Kraken: 
e Is this against their ToS? Yes https://www.kraken.com/legal [Archive.org] 
e Will they require a phone number? No, but they do require an e-mail 
e Can you create accounts through Tor? Yes 


LinkedIn: 
e Is this against their ToS? Yes https://www.linkedin.com/legal/user-agreement [Archive.org] 


“To use the Services, you agree that: (1) you must be the “Minimum Age” (described below) or older; (2) you will only have one LinkedIn account, which must be in your real name; and (3) you are not already restricted by LinkedIn from using the Services. Creating an account with false information is a violation of our terms, including accounts registered on behalf of others or persons under the age of sixteen.” 


But this clause of their ToS is illegal in Germany (see Requirements). 
e Will they require a phone number? Yes, they will. 
e Can you create accounts through Tor? Yes, but expect some captchas, and your phone number will be required 


LinkedIn is far less aggressive than Twitter but will nonetheless require a valid e-mail (preferably again your Gmail) and a phone number in most cases (though not always). 


LinkedIn, however, relies a lot on reports and user/customer moderation. You should not create a profile with an occupation inside a private corporation or small start-up company. The company employees are actively monitoring LinkedIn activity and receive notifications when new people join. They can then report your profile as fake, and your profile will then be suspended or banned pending appeal. 


LinkedIn will then require you to go through a verification process that will, unfortunately, require you to send an ID proof (identity card, passport, driver's license). This ID verification is processed by a company called Jumio[404] that specializes in ID proofing. This is most likely a dead end, as this would force you to develop some strong Photoshop skills. 


Instead, you are far less likely to be reported if you just stay vague (say you are a student/intern/freelancer) or pretend you work for a large public institution that is too large for anyone to care or check. 


As with Twitter and Google, you should do the following after signing up: 
e Disable ads 
e Disable notifications 
MailFence: 
e Is this against their ToS? No 
e Will they require a phone number? No, but they require an e-mail 
e Can you create accounts through Tor? Maybe. From my tests, the sign-up verification e-mails are not sent when using Tor to sign up. No issues, however, when using a VPN over Tor or a Proxy over Tor. 


Medium: 
e Is this against their ToS? No, unless it is about crypto https://policy.medium.com/medium-terms-of-service-9db0094a1e0f [Archive.org] 
e Will they require a phone number? No, but they require an e-mail 


404 Jumio, ID verification features https://www.jumio.com/features/ [Archive.org] 
e Can you create accounts through Tor? No issues with that so far. Signing in does require an e-mail every time. 


Microsoft: 
e Is this against their ToS? Yes https://www.microsoft.com/en/servicesagreement/ [Archive.org] 


“4. Creating an Account. You can create a Microsoft account by signing up online. You agree not to use any false, inaccurate, or misleading information when signing up for your Microsoft account”. 


But this clause of their ToS is illegal in Germany (see Requirements). 
e Will they require a phone number? Likely but not always. Depending on your luck with your Tor exit node, they may only require e-mail verification. If you use a VPN over Tor, they will likely only ask for an e-mail. 
e Can you create accounts through Tor? Yes, but if you come from Tor, expect at least an e-mail verification and likely phone verification. 


So yes, it is still possible to create an MS account without a phone number and using Tor or VPN, but you might have 
to cycle through a few exit nodes to achieve this. 


After signing up, you should set up 2FA within the security options, using a KeePassXC TOTP entry. 


Mullvad: 
e Is this against their ToS? No https://mullvad.net/en/help/terms-service/ [Archive.org] 
e Will they require a phone number? No, they do not even require an e-mail. 
e Can you create accounts through Tor? Yes. 


Njalla: 
e Is this against their ToS? No https://njal.la/tos/ [Archive.org] 
e Will they require a phone number? No, but they do require an e-mail or an XMPP (Jabber) account somewhere. 
e Can you create accounts through Tor? Yes, they even have a “.onion” address. 


OnionShare: 
e Is this against their ToS? No, they do not even have Terms of Service 
e Will they require a phone number? No, they do not even require an e-mail 
e Can you create accounts through Tor? Yes (obviously) 


OnlyFans: 
e Is this against their ToS? No, it looks fine https://onlyfans.com/terms [Archive.org] 
e Will they require a phone number? No, but they do require an e-mail 
e Can you create accounts through Tor? Yes, you can 


Unfortunately, you will be extremely limited with that account, and doing anything will require you to complete their verification process, which requires a KYC-type financial transaction check. So, not very useful. 


ProtonMail: 
e Is this against their ToS? No https://ProtonMail.com/terms-and-conditions [Archive.org] 
e Will they require a phone number? Maybe. This depends on the IP you are coming from. If you come from Tor, it is likely. From a VPN, it is less likely. 
e Can you create accounts through Tor? Yes, but it is highly likely that a phone number will be required, whereas only an e-mail or a captcha will be required over a VPN. They even have a “.onion” address at https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r404vfu7ozyd.onion/. 


You obviously need an e-mail for your online identity and disposable e-mails are pretty much banned everywhere. 


ProtonMail is a free e-mail provider based in Switzerland that advocates security and privacy. 
They are recommended by Privacyguides.org[405]. Their only apparent issue is that they do require (in most cases) a phone number or another e-mail address for registration (when you try to register from a VPN or Tor at least). 


They claim they do not store/link the phone/e-mail associated with the registration but only store a hash that is not linked to the account[406]. If their claim is true, the hash is not linked to your account, and you followed my guide about the phone number, you should be reasonably safe from tracking. 
ProtonVPN: 
e Is this against their ToS? No https://protonvpn.com/terms-and-conditions [Archive.org] 
e Will they require a phone number? No, but they do require an e-mail. 
e Can you create accounts through Tor? Yes 


Reddit: 
e Is this against their ToS? No https://www.redditinc.com/policies [Archive.org] 
e Will they require a phone number? No, they will not. 
e Can you create accounts through Tor? Yes 


Reddit is simple. All you need to register is a valid username and a password. Normally they do not even require an 
e-mail (you can skip the e-mail when registering, leaving it blank). 


No issues whatsoever signing up over Tor or VPN besides the occasional Captchas. 


Consider reading this Reddit post: https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/ [Archive.org] 


Slashdot: 
e Is this against their ToS? Yes https://slashdotmedia.com/terms-of-use/ [Archive.org] 


“8. Registration; Use of Secure Areas and Passwords 


Some areas of the Sites may require you to register with us. When and if you register, you agree to (a) provide accurate, current, and complete information about yourself as prompted by our registration form (including your e-mail address) and (b) maintain and update your information (including your e-mail address) to keep it accurate, current, and complete. You acknowledge that should any information provided by you be found to be untrue, inaccurate, not current, or incomplete, we reserve the right to terminate this Agreement with you and your current or future use of the Sites (or any portion thereof)”. 

e Will they require a phone number? No 

e Can you create accounts through Tor? Yes 


Telegram: 
e Is this against their ToS? No https://telegram.org/tos [Archive.org] 
e Will they require a phone number? Yes, unfortunately 
e Can you create accounts through Tor? Yes, but sometimes you randomly get banned without any reason 


Telegram is quite straightforward, and you can download their portable Windows app to sign up and log in. It will require a phone number that can only be used once and nothing else. 


In most cases, I had no issues whether it was over Tor or VPN, but I had a few cases where my Telegram account was just banned for violating terms of service (not sure which one?). This again despite not using them for anything. 


They provide an appeal process through e-mail, but I had no success with getting any answer. 


405 Privacyguides.org recommended E-mail Providers https://privacyguides.org/providers/email/ [Archive.org] 
406 ProtonMail Human Verification System https://ProtonMail.com/support/knowledge-base/human-verification/ [Archive.org] 
Their appeal process is just sending an e-mail to recover@telegram.org stating your phone number and issue, and hoping they answer. 


After signing up you should do the following: 
e Go into your Profile 
e Set a Username 
e Go into Settings (Desktop App) 
e Set the Phone Number visibility to Nobody 
e Set Last Seen & Online to Nobody 
e Set Forwarded Messages to Nobody 
e Set Profile photos to Contacts 
e Set Calls to Contacts 
e Set Group & Channels to Contacts 


Tutanota: 
e Is this against their ToS? No https://tutanota.com/terms/ [Archive.org] 
e Will they require a phone number? No, but they do require an e-mail. 
e Can you create accounts through Tor? Not really, almost all Tor exit nodes are banned AFAIK 


Twitter: 
e Is this against their ToS? No https://twitter.com/en/tos 
e Will they require a phone number? They might not at sign-up, but they will just after sign-up or later. 
e Can you create accounts through Tor? Yes, but expect some captchas, and your phone number will be required after a while. 


Twitter is extremely aggressive in preventing anonymity on its network. You should sign up using e-mail and password (not phone) and not use “Sign-in with Google”. Use your Gmail as the e-mail address. 


More than likely, your account will be suspended immediately during the sign-up process and will require you to 
complete a series of automated tests to unlock. This will include a series of captchas, confirmation of your e-mail and 
Twitter handle, or other information. In some cases, it will also require your phone number. 


In some cases, despite you selecting a text verification, the Twitter verification system will call the phone no matter what. In that case, you will have to pick up and hear the verification code. I suspect this is another method of preventing automated systems and malicious users from selling text-receiving services over the internet. 


Twitter will store all this information and link it to your account, including your IP, e-mail, and phone number. You will not be able to use the phone number to create a different account. 


Once the account is restored, you should take some time to do the following: 
e Upload the identity profile picture. 
e Enable 2FA from the security settings using a new KeePassXC TOTP entry; save the security codes in KeePassXC as well. 
e Disable Photo tagging 
e Disable Email lookup 
e Disable Phone lookup 
e Disable all personalized advertising settings 
e Disable geolocation on Tweets 
e Remove the phone number from the account 
e Follow some people if needed 
e Log out and leave it be. 


After about a week, you should check Twitter again, and the chances are quite high that it will be suspended again for “suspicious activity” or “violating community guidelines” despite you not using it at all (not even a single tweet/follow/like/retweet or DM), but this time by another system. I call this the “Double-tap”. 


processed by Twitter. During that process, you may receive an e-mail (on ProtonMail) asking you to reply to a customer service ticket to prove that you do have access to your e-mail and that it is you. This will be directed toward your Gmail address but will arrive on your ProtonMail. 


Do not reply from ProtonMail, as this will raise suspicions; you must sign in to Gmail (unfortunately) and compose a new mail from there, copy-pasting the e-mail address, subject, and content from ProtonMail, as well as a reply confirming you have access to that e-mail. 


After a few days, your account should get unsuspended “for good”. No issues after that, but keep in mind they can still ban your account for any reason if you violate the community guidelines. The phone number and e-mail will then be flagged, and you will not be able to use them for a new identity (legit or fake). Do not use this account for trolling. 


Twitch: 
e Is this against their ToS? No https://www.twitch.tv/p/en/legal/terms-of-service/ [Archive.org] 
e Will they require a phone number? No, but they do require an e-mail 
e Can you create accounts through Tor? Yes 


Note that you will not be able to enable 2FA on Twitch using only e-mail. This feature requires a phone number to 
enable. 


WhatsApp: 
e Is this against their ToS? Yes https://www.whatsapp.com/legal/updates/terms-of-service-eea [Archive.org] 


“Registration. You must register for our Services using accurate information, provide your current mobile phone 
number, and, if you change it, update your mobile phone number using our in-app change number feature. You 
agree to receive text messages and phone calls (from us or our third-party providers) with codes to register for our 
Services”. 

e Will they require a phone number? Yes, they do. 

e Can you create accounts through Tor? No issues with that so far. 


4chan: 
e Is this against their ToS? No 
e Will they require a phone number? No, they will not. 
e Can you post there with Tor or VPN? Not likely. 


4chan is 4chan... This guide will not explain 4chan to you. They block Tor exit nodes and known VPN IP ranges. 


You are going to have to find a separate way to post there using at least seven proxies[408] that are not known by 4chan's blocking system (hint: an anonymous VPS paid with Monero is probably your best option). 


407 Twitter Appeal Form https://help.twitter.com/forms/general 


408 KnowYourMeme, Good Luck, I'm Behind 7 Proxies https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies [Archive.org] 
Crypto Wallets: 

Use any crypto wallet app within the Windows Virtual Machine. But be careful not to transfer anything toward an 
Exchange or a known Wallet. Crypto is in most cases NOT anonymous and can be traced back to you when you 
buy/sell any (remember the Your Cryptocurrencies transactions section). 


If you really want to use Crypto, use Monero, which is the only one with reasonable privacy/anonymity. Ideally, you should find someone to buy/sell Monero from/to in cash directly. 


What about those mobile-only apps (WhatsApp/Signal)? 
There are only three ways of securely using those anonymously (that I would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, “tedious” to say the least. 

e Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/ [Archive.org]. As for myself, I will recommend the use of: 

o Android-x86 on VirtualBox (see https://www.android-x86.org/documentation/virtualbox.html [Archive.org]) that you can also set up easily. 

o AnBox (https://anbox.io [Archive.org]) that you can also set up rather easily, including on the Whonix Workstation, see https://www.whonix.org/wiki/Anbox [Archive.org] 

e Not recommended: Using a non-official app (such as Wassapp for WhatsApp) to connect from the Windows 
VM to the app. Use at your own risk as you could get banned for violating the terms of services by using a 
non-official App. 

e Not recommended and most complicated: Have a burner smartphone that you will connect to the VM layered network through tethering/sharing of the connection through Wi-Fi. I will not detail this here, but it is an option. 


There is no way to reliably set up a decent multi-layered connectivity approach easily on an Android phone (it is not even possible on iOS as far as I know). By reliable, I mean being sure that the smartphone will not leak anything such as geolocation or anything else from booting up to shutting down. 


Anything else: 
You should use the same logic and security for any other platform. 


It should work in most cases with most platforms. The hardest platform to use with full anonymity is Facebook. 


This will obviously not work with banks and most financial platforms (such as PayPal or Crypto Exchanges) requiring 
actual real official and existing identification. This guide will not help you there as this would be illegal in most 
places. 
How to share files privately and/or chat anonymously: 

There are plenty of messaging apps everywhere. Some have excellent UI and UX and terrible security/privacy. Some have excellent security/privacy but terrible UI and UX. It is not easy to pick the ones that you should use for sensitive activities. So, this section will help you do that. 


Before going further, there are also some key basic concepts you should understand: 


End-to-end Encryption: 

End-to-end Encryption[409] (aka e2ee) is a rather simple concept. It just means only you and your destination know each other's public encryption keys, and no one in between that would be eavesdropping would be able to decrypt the communication. 


However, the term is often used differently depending on the provider: 
e Some providers will claim e2ee but forget to mention what is covered by their protocols. For instance, is metadata also protected within their e2ee protocol? Or is it just the content of the messages? 
e Some providers do offer e2ee but only as an opt-in option (disabled by default). 
e Some providers do offer e2ee with 1 to 1 messaging but not with group messaging. 
e Some providers will claim the use of e2ee, but their proprietary apps are closed source, where no one can verify the claim and the strength of the encryption used. 


For these reasons, it is always important to check the claims of various apps. Open-source apps should always be preferred to verify what kind of encryption they are using and if their claims are true. If not open source, such apps should have an openly available independent report made by a reputable third party confirming their claims. 


Roll your own crypto: 
See the Bad Cryptography section at the start of this guide. 


Always be cautious about apps rolling their own cryptography until it has been reviewed by many in the crypto community (or, even better, published and peer-reviewed academically). Again, this is harder to verify with closed-source proprietary apps. 


It is not that rolling your own crypto is bad in essence; it is that good cryptography needs real peer review, auditing, testing... And since you are probably not a cryptanalyst (and I am not one either), chances are high we are not competent to assess the cryptography of some apps. 


Forward Secrecy: 

Forward Secrecy[410] (FS, aka PFS for Perfect Forward Secrecy) is a property of the key agreement protocol of some of those messaging apps and is a companion feature of e2ee. This happens before you establish communication with the destination. The “Forward” refers to the future in time and means that every time you establish a new e2ee communication, a new set of keys will be generated for that specific session. The goal of forward secrecy is to maintain the secrecy of past communications (sessions) even if the current one is compromised. If an adversary manages to get hold of your current e2ee keys, that adversary will then be limited to the content of the single session and will not be able to easily decrypt past ones. 


This has some user experience drawbacks: for instance, a new device may not be able to conveniently access the remotely stored chat history without additional steps. 


So, in short, Forward Secrecy protects past sessions against future compromises of keys or passwords. 
More on this topic in this YouTube video: https://www.youtube.com/watch?v=zSQtyW_ywZc [Invidious] 


Some providers and apps claiming to offer e2ee do not offer FS/PFS sometimes for usability reasons (group 
messaging for instance is more complex with PFS). It is therefore important to prefer open-source apps providing 
forward secrecy to those that do not. 
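To make the forward secrecy property concrete, here is an added example (not code from the guide or from any messenger it names) that contrasts a "static" key agreement, where one key is derived from the two long-term identity keys and reused for every session, with the per-session ephemeral agreement described above. It assumes textbook finite-field Diffie-Hellman over the 2048-bit MODP group of RFC 3526 (group 14; the constant is transcribed here and should be checked against the RFC before any real use), SHA-256 as the key derivation function, and no authentication or transport layer; the function names and the wiretap/compromise model are this example's own.

```python
"""Forward secrecy with ephemeral Diffie-Hellman, shown against a static key.

Added example, not code from the guide. "Static" agreement derives one key
from the two long-term identity keys and reuses it; the ephemeral variant
generates fresh single-use keys per session, which is what the Forward
Secrecy section describes.

Assumptions: finite-field DH over the 2048-bit MODP group of RFC 3526 (group
14; the constant is transcribed here, verify it against the RFC before any
real use), SHA-256 as the key derivation function, and no authentication or
transport. Only the key-agreement layer is modelled.
"""
import hashlib
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def is_probable_prime(n, rounds=8):
    """Miller-Rabin; used only to sanity-check the transcribed group prime."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def keypair():
    """Return (private exponent, public value); a 256-bit exponent suffices here."""
    priv = 2 + secrets.randbelow(1 << 256)
    return priv, pow(G, priv, P)


def kdf(label, *shared):
    """Derive a 32-byte key from one or more DH shared values."""
    h = hashlib.sha256(label)
    for s in shared:
        h.update(s.to_bytes(256, "big"))
    return h.digest()


def static_session_key(my_long_priv, peer_long_pub):
    """No forward secrecy: identical every session, and recomputable by anyone
    who later obtains either long-term private key."""
    return kdf(b"static", pow(peer_long_pub, my_long_priv, P))


def ephemeral_session_key(my_long_priv, peer_long_pub, my_eph_priv, peer_eph_pub, initiator):
    """Triple-DH shape (long-term x ephemeral both ways, plus ephemeral x
    ephemeral). The third term exists only while both ephemeral secrets do."""
    t_long_eph = pow(peer_long_pub, my_eph_priv, P)
    t_eph_long = pow(peer_eph_pub, my_long_priv, P)
    t_eph_eph = pow(peer_eph_pub, my_eph_priv, P)
    # Both sides must hash the terms in the same order: the initiator's
    # "my ephemeral x peer long-term" is the responder's "my long-term x peer ephemeral".
    if initiator:
        return kdf(b"session", t_long_eph, t_eph_long, t_eph_eph)
    return kdf(b"session", t_eph_long, t_long_eph, t_eph_eph)


def run_session(alice_long, bob_long):
    """One conversation. Returns (alice_key, bob_key, wiretap); the wiretap is
    all a passive observer ever sees: the public ephemeral values."""
    a_eph_priv, a_eph_pub = keypair()
    b_eph_priv, b_eph_pub = keypair()
    k_alice = ephemeral_session_key(alice_long[0], bob_long[1], a_eph_priv, b_eph_pub, True)
    k_bob = ephemeral_session_key(bob_long[0], alice_long[1], b_eph_priv, a_eph_pub, False)
    wiretap = {"a_eph_pub": a_eph_pub, "b_eph_pub": b_eph_pub}
    del a_eph_priv, b_eph_priv  # single-use secrets are discarded after the session
    return k_alice, k_bob, wiretap


def terms_after_compromise(alice_long, bob_long, wiretap):
    """Later both long-term private keys leak. Two of the three DH terms can
    be rebuilt from the wiretap; the ephemeral x ephemeral term cannot, so
    the recorded session stays undecryptable. Returns (t1, t2, None)."""
    t_long_eph = pow(wiretap["a_eph_pub"], bob_long[0], P)
    t_eph_long = pow(wiretap["b_eph_pub"], alice_long[0], P)
    return t_long_eph, t_eph_long, None


if __name__ == "__main__":
    alice, bob = keypair(), keypair()
    k1, _, tap = run_session(alice, bob)
    k2, _, _ = run_session(alice, bob)
    print("session keys differ:", k1 != k2)
    print("third term recoverable later:", terms_after_compromise(alice, bob, tap)[2] is not None)
```

The static key is the situation the guide warns about: one leaked long-term key retroactively opens every recorded conversation. With the ephemeral terms mixed in, the observer's recording plus both long-term keys still lacks the one value that was deleted, which is exactly the "new device cannot read old history" trade-off mentioned above.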


409 Wikipedia, End-to-end encryption, https://en.wikipedia.org/wiki/End-to-end_encryption [Wikiless] [Archive.org] 


410 Wikipedia, Forward Secrecy, https://en.wikipedia.org/wiki/Forward_secrecy [Wikiless] [Archive.org] 
Zero-Access Encryption at rest: 

Zero-Access Encryption[411] at rest is used when you store data at some provider (let us say your chat history or chat backups), but that data is encrypted on your side and cannot be read or decrypted by the provider hosting it. 


Zero-Access encryption is an added feature/companion to e2ee but is applied mainly to data at rest and not 
communications. 


Examples of this issue would be iMessage and WhatsApp, see the Your Cloud backups/sync services at the start of 
this guide. 


So again, it is best to prefer Apps/Providers that do offer Zero-Access Encryption at rest and cannot read/access any 
of your data/metadata even at rest and not only limited to communications. 


Such a feature would have prevented important hacks such as the Cambridge Analytica scandal[412] if it had been implemented. 
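The difference between "encrypted at rest" and zero-access encryption is who holds the key. The following added example (not code from the guide or from any provider it names) stores the same chat backup both ways: once with a key the provider keeps, so the operator can read it back, and once encrypted on the client with a key derived from a passphrase the provider never sees. It assumes PBKDF2-HMAC-SHA256 for the passphrase and a small toy encrypt-then-MAC construction built from HMAC-SHA256 so that it runs on the standard library alone; the class and function names are this example's own, and a real AEAD (AES-GCM, XChaCha20-Poly1305) would replace the toy cipher in practice.

```python
"""Provider-side encryption at rest versus zero-access encryption at rest.

Added example, not code from the guide or from any provider it names. The
same chat backup is stored two ways: the provider encrypts it with a key the
provider holds, so the operator, an intruder on the server or a legal order
can read it; or the client encrypts it with a key derived from a passphrase
the provider never sees and uploads ciphertext only (zero-access).

Assumptions: PBKDF2-HMAC-SHA256 for the passphrase and a small toy
encrypt-then-MAC construction built from HMAC-SHA256, chosen so the example
runs on the standard library alone. Use a real AEAD (AES-GCM,
XChaCha20-Poly1305) in practice; the point is who holds the key.
"""
import hashlib
import hmac
import secrets


def _keystream(enc_key, nonce, length):
    """Toy keystream: HMAC-SHA256(enc_key, nonce || counter) blocks."""
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Verify the tag, then decrypt. Raises ValueError on a wrong key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ProviderSideStore:
    """Encrypted at rest, but with a key the provider holds."""

    def __init__(self):
        self._server_key = secrets.token_bytes(32)
        self._blobs = {}

    def upload(self, user, plaintext):
        self._blobs[user] = encrypt(self._server_key, plaintext)

    def operator_read(self, user):
        # Anyone with server access (operator, intruder, legal order) gets plaintext.
        return decrypt(self._server_key, self._blobs[user])


class ZeroAccessStore:
    """Stores opaque bytes; it never receives a key."""

    def __init__(self):
        self._blobs = {}

    def upload(self, user, ciphertext):
        self._blobs[user] = ciphertext

    def operator_read(self, user):
        return self._blobs[user]  # ciphertext is all the provider has


class ZeroAccessClient:
    """Runs on the user's device; passphrase and derived key never leave it."""

    def __init__(self, user, passphrase):
        self.user = user
        # Per-user salt derived deterministically so a new device with the same
        # passphrase re-derives the same key (the usability cost the guide notes).
        salt = hashlib.sha256(b"backup-salt:" + user.encode()).digest()
        self._key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

    def backup(self, store, plaintext):
        store.upload(self.user, encrypt(self._key, plaintext))

    def restore(self, store):
        return decrypt(self._key, store.operator_read(self.user))


if __name__ == "__main__":
    history = b"alice: meet at 19:00?\nbob: ok, same place\n"  # constructed sample
    legacy = ProviderSideStore()
    legacy.upload("alice", history)
    print("provider can read:", legacy.operator_read("alice") == history)
    zero = ZeroAccessStore()
    ZeroAccessClient("alice", "correct horse battery staple").backup(zero, history)
    print("provider sees plaintext:", history in zero.operator_read("alice"))
```

Note what the zero-access store can still hand over: the ciphertext length, the upload time and the account it belongs to. That is metadata, and it is the subject of the next sections.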


Metadata Protection: 
Remember the Your Metadata including your Geo-Location section. End-to-end Encryption is one thing, but it does 
not necessarily protect your metadata. 


For Instance, WhatsApp might not know what you are saying but they might know who you are talking to, how long 
and when you have been talking to someone, who else is in groups with you, and if you transferred data with them 
(such as large files). 


End-to-end Encryption does not in itself protect an eavesdropper from harvesting your metadata. 


This data can also be protected/obfuscated by some protocols to make metadata harvesting substantially harder for 
eavesdroppers. This is the case for instance with the Signal Protocol which does offer some added protection with 
features like: 

e The Sealed Sender option[413]. 

e The Private Contact Discovery[414]. 

e The Private Group System[415]. 


Other apps like Briar or OnionShare will protect metadata by using the Tor network as a shield and storing everything locally on-device. Nothing is stored remotely, and all communications are either direct using proximity Wi-Fi/Bluetooth or remote through the Tor network. 


Most apps however and especially closed-source proprietary commercial apps will collect and retain your metadata 
for various purposes. And such metadata alone is enough to figure out a lot of things about your communications. 


Again, it is important to prefer open-source apps with privacy in mind and various methods in place to protect not 
only the content of communications but all the associated metadata. 
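As an added example (not code from the guide or from Signal), the following script shows what a relay learns from e2ee traffic it cannot decrypt, and what a sealed-sender style envelope takes away from it. The envelopes are constructed sample data; the body is never present, only the addressing fields, a timestamp and the ciphertext size. A passive observer at the server still recovers the contact graph, the hours people are active and the large file transfers. Stripping the sender field (as Signal's Sealed Sender does, with the recipient learning the sender from inside the encrypted body) removes who sent each message from the relay's view but not who received it or when, which is why the guide prefers the Tor-based, local-only apps for the strongest case.

```python
"""What a relay learns from e2ee traffic it cannot decrypt.

Added example, not code from the guide or from Signal. Each envelope carries
only routing metadata; the body is opaque ciphertext and is not even modelled.
A passive observer at the server still recovers the contact graph, timing and
file transfers. A sealed-sender style envelope hides the sender field from
the relay; it does not hide the recipient or the timing.

All traffic below is constructed sample data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Envelope:
    sender: Optional[str]  # None once sealed: the relay no longer sees it
    recipient: str
    ts: datetime
    size: int              # ciphertext length in bytes; content is opaque


def seal(env):
    """Sealed sender: strip the plaintext sender field before the relay sees it."""
    return Envelope(None, env.recipient, env.ts, env.size)


# Constructed sample traffic (no real identifiers).
SAMPLE = [
    Envelope("alice", "bob", datetime(2022, 1, 10, 22, 14), 1_200),
    Envelope("bob", "alice", datetime(2022, 1, 10, 22, 16), 900),
    Envelope("alice", "bob", datetime(2022, 1, 10, 22, 20), 2_100_000),  # looks like a file
    Envelope("alice", "carol", datetime(2022, 1, 11, 9, 2), 800),
    Envelope("carol", "alice", datetime(2022, 1, 11, 9, 5), 750),
    Envelope("bob", "dave", datetime(2022, 1, 11, 23, 40), 1_000),
    Envelope("alice", "bob", datetime(2022, 1, 12, 22, 31), 1_100),
]


def observer_view(envelopes):
    """Everything a relay can derive without a single decryption."""
    pairs = Counter()                  # (sender, recipient) -> message count
    active_hours = defaultdict(Counter)  # user -> hour of day -> count
    transfers = []                     # unusually large ciphertexts
    for e in envelopes:
        pairs[(e.sender, e.recipient)] += 1
        if e.sender is not None:
            active_hours[e.sender][e.ts.hour] += 1
        active_hours[e.recipient][e.ts.hour] += 1  # recipients stay visible even when sealed
        if e.size > 1_000_000:
            transfers.append((e.sender, e.recipient, e.size))
    return {
        "pairs": dict(pairs),
        "top_pair": pairs.most_common(1)[0][0],
        "peak_hour": {u: h.most_common(1)[0][0] for u, h in active_hours.items()},
        "large_transfers": transfers,
    }


if __name__ == "__main__":
    plain = observer_view(SAMPLE)
    sealed = observer_view([seal(e) for e in SAMPLE])
    print("unsealed contact graph:", plain["pairs"])
    print("sealed contact graph:  ", sealed["pairs"])
    print("large transfers still visible when sealed:", sealed["large_transfers"])
```

Run it and compare the two graphs: with plaintext sender fields the relay sees that alice and bob exchange the most messages and that alice pushed a 2 MB payload to bob late in the evening; with sealed senders it still sees that bob receives the most traffic, when, and how large it was.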


Open-Source: 

Finally, Open-Source apps should always be preferred because they allow third parties to check actual capabilities 
and weaknesses vs claims of marketing departments. Open-Source does not mean the app should be free or non- 
commercial. It just means transparency. 


411 Protonblog, What is zero-access encryption and why it is important for security https://protonmail.com/blog/zero-access-encryption/ [Archive.org] 

412 Wikipedia, Cambridge Analytica Scandal, https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal [Wikiless] [Archive.org] 


413 Signal Blog, Technology preview: Sealed sender for Signal https://signal.org/blog/sealed-sender/ [Archive.org] 


414 Signal Blog, Private Contact Discovery, https://signal.org/blog/private-contact-discovery/ [Archive.org] 


415 Signal Blog, Private Group System, https://signal.org/blog/signal-private-group-system/ [Archive.org] 
Comparison: 
Below you will find a small table showing the state of messaging apps as of the writing of this guide, based on my tests and data from the various sources below: 
e Wikipedia, https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols [Wikiless] [Archive.org] 
e Wikipedia, https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients [Wikiless] [Archive.org] 
e Secure Messaging Apps https://www.securemessagingapps.com/ [Archive.org] 
e ProtonMail Blog, https://protonmail.com/blog/whatsapp-alternatives/ [Archive.org] 
e Whonix Documentation, Instant Messenger Chat https://www.whonix.org/wiki/Chat [Archive.org] 
e Have a look at https://securechatguide.org/featuresmatrix.html [Archive.org], which is also a good comparison table for messaging apps. 
e Messenger-Matrix.de at https://www.messenger-matrix.de/messenger-matrix-en.html [Archive.org] 






































App (1) | e2ee (2) | Roll Your Own Crypto | Perfect Forward Secrecy | Zero-Access Encryption at rest (6) | Metadata Protection (obfuscation, encryption) | Open-Source | Default Privacy Settings | Native Anonymous Sign-up (no e-mail or phone) | Possible through Tor | Privacy and Security Track Record (4) | Decentralized 
Briar (preferred) | Yes | No [416] | Yes | Yes | Yes | Yes | Good | Yes | Natively (Tor) | Good | Yes (peer to peer) 
Cwtch (preferred) | Yes | No | Yes | Yes | Yes | Yes | Good | Yes | Natively (Tor) | Good | Yes (peer to peer) 
Discord (avoid) | No | Closed-source (7) | No | No | No | No | Bad | E-Mail Required | Virtualization | Bad | No 
Element / Matrix.org (preferred) | Yes (opt-in) | No | Yes | Yes | Poor [417] | Yes | Good | Yes | Via Proxy (3) or Virtualization | Good | Partial (federated servers) 
Facebook Messenger (avoid) | Partial (Only 1 to 1 / opt-in) | Closed-source (7) | Yes | No | No | No | Bad | E-Mail and Phone required | Virtualization | Bad | No 
OnionShare (preferred) | Yes | No | TBD (8) | TBD (8) | Yes | Yes | Good | Yes | Natively (Tor) | Good | Yes (peer to peer) 
Apple Messages (aka iMessage) | Yes | Closed-source (7) | No | Partial | No | No | Good | Apple device Required | Maybe Virtualization using real Apple device | Bad | No 
IRC | Yes (with plugins) | No | No | No | No | Yes | Bad | Yes | Via Proxy (3) or Virtualization | Good | No 
Jami (preferred) | Yes | No [418] | Yes | Yes | Partial | Yes | Good | Yes | Via Proxy (3) or Virtualization (9) | Good | Partial 
KakaoTalk (avoid) | Yes | Closed-source (7) | No [419] | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
Keybase | Yes | No | Partial (exploding message) | No | No | Yes | Good | E-Mail Required | | | No 
Kik (avoid) | No | Closed-source (7) | No | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
Line (avoid) | Partial (Only 1 to 1) | Closed-source (7) | No | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
Pidgin with OTR (avoid) | Yes (OTR [420]) | No | Yes | No | No | Yes | Bad | Yes | Via Proxy (3) or Virtualization | Bad [421] | No 
Tox | Yes | No | No | No | No | Yes | Good | Yes | Via Proxy (3) or Virtualization [422] | Medium | Yes 
Session (preferred only on iOS) | Yes | No | No | Yes | Yes | Yes | Good | Yes | Via Proxy (3) or Virtualization (10) | Good | Yes 
Signal (moderate) | Yes | No | Yes | Yes | Yes | Yes | Good | Phone Required | Virtualization | Good | No 
Skype (avoid) | Partial (Only 1 to 1 / opt-in) | Closed-source (7) | No | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
SnapChat (avoid) | No | Closed-source (7) | No | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
Teams (avoid) | Yes | Closed-source (7) | No | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
Telegram | Partial (Only 1 to 1 / opt-in) | Yes (MTProto [423]) | Partial (secret chats only) | Yes | No | Partial (5) | Medium (e2ee off by default) | Phone Required | Via Proxy (3) or Virtualization | Medium [424] | No 
Viber (avoid) | Partial (Only 1 to 1) | Closed-source (7) | Yes | No | No | No | Bad | No (but possible) | Virtualization | Bad | No 
WeChat (avoid) | No | Closed-source (7) | No | No | No | No | Bad | No | Virtualization | Bad | No 
WhatsApp (avoid) | Yes | Closed-source (7) | Yes | No | No | No | Bad | Phone Required | Virtualization | Bad | No 
Wickr Me (moderate) | Partial (Only 1 to 1) | No | Yes | No | Yes | No | Good | Yes | Virtualization | Good | No 
Gajim (XMPP) (preferred) | Yes | No | Yes | No | No | Yes | Good | Yes | Via Proxy (3) or Virtualization | Good | Partial 
Zoom (avoid [425]) | Disputed [426] | No | TBD (8) | No | No | No | Bad | E-Mail Required | Virtualization | Bad [427] | No 


416 Briar Documentation, Bramble Transport Protocol version 4 https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md [Archive.org] 

417 Serpentsec, Matrix https://web.archive.org/web/https://serpentsec.1337.cx/matrix 

418 Wikipedia, GnuTLS, https://en.wikipedia.org/wiki/GnuTLS [Wikiless] [Archive.org] 

419 KTH Royal Institute of Technology, School of Electrical Engineering, A Security and Privacy Audit of KakaoTalk’s End-to-End Encryption www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf [Archive.org] 
Legend: 


1. The mention “preferred” or “avoid” refers to the use of those apps for sensitive communications. This is just my opinion, and you can make your own using the resources above and others. Remember “Trust but verify”. 

2. e2ee refers to “end-to-end encryption” 

3. Additional steps might be needed for securing Tor Connectivity 

4. Their ability and willingness to fight for privacy and not cooperate with various adversaries 

5. Only the client apps are open-source, not the server-side apps 

6. This means the data is fully encrypted at rest (and not only during transit) and unreadable by any third party without a key you only know (including backups) 

7. Unverifiable because it is proprietary closed source. 

8. To Be Determined, unknown at the time of this writing 

9. Jami will require you to enable DHTProxy in their options to work and it will be limited to text only. 

10. Session also uses their own Onion Routing solution called LokiNet 


420 Wikipedia, OTR https://en.wikipedia.org/wiki/Off-the-Record_Messaging [Wikiless] [Archive.org] 

421 Pidgin Security Advisories, https://www.pidgin.im/about/security/advisories/ [Archive.org] 

422 Whonix Forum, Tox Integration https://forums.whonix.org/t/tox-qtox-whonix-integration/1219 [Archive.org] 

423 Telegram Documentation, MTProto Mobile Protocol https://core.telegram.org/mtproto [Archive.org] 

424 Wikipedia, Telegram Security Breaches, https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches [Wikiless] [Archive.org] 

425 TechCrunch, Maybe we shouldn’t use Zoom after all, https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ [Archive.org] 

426 The Intercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing https://theintercept.com/2020/03/31/zoom-meeting-encryption/ [Tor Mirror] [Archive.org] 

427 Serpentsec, Secure Messaging: Choosing a chat app https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app 


Some apps like Threema and Wire were excluded from this comparison due to not being free and not accepting 
anonymous cash methods such as Cash/Monero. 


Conclusion: 
Remember: Appendix B1: Checklist of things to verify before sharing information. 


I will recommend these options in that order (as also recommended by Privacyguides.org [428][429] except for Session and Cwtch):


• macOS:
  o Native Tor Onion Routing Support (preferred):
    ▪ OnionShare version >2.3 (https://onionshare.org/ [Tor Mirror] [Archive.org]) *
    ▪ Cwtch (https://cwtch.im [Archive.org], warning: this is at the alpha/beta stage) **
  o Non-Native Tor Support (needs additional steps for Tor connectivity through Virtualization or Proxying):
    ▪ Element/Matrix.org (https://element.io/ [Archive.org])
    ▪ Jami (https://jami.net/ [Archive.org]) *
    ▪ Gajim/XMPP (https://gajim.org/ [Archive.org])


• Windows:
  o Native Tor Onion Routing Support (preferred):
    ▪ OnionShare version >2.3 (https://onionshare.org/ [Tor Mirror] [Archive.org]) *
    ▪ Cwtch (https://cwtch.im [Archive.org], warning: this is at the alpha/beta stage) **
  o Non-Native Tor Support (needs additional steps for Tor connectivity through Virtualization or Proxying):
    ▪ Element/Matrix.org (https://element.io/ [Archive.org])
    ▪ Jami (https://jami.net/ [Archive.org]) *
    ▪ Gajim/XMPP (https://gajim.org/ [Archive.org])
• Linux:
  o Native Tor Onion Routing Support (preferred):
    ▪ Briar (https://briarproject.org/ [Archive.org]) *
    ▪ OnionShare version >2.3 (https://onionshare.org/ [Tor Mirror] [Archive.org]) *
    ▪ Cwtch (https://cwtch.im [Archive.org], warning: this is at the alpha/beta stage) **
  o Non-Native Tor Support (needs additional steps for Tor connectivity through Virtualization or Proxying):
    ▪ Element/Matrix.org (https://element.io/ [Archive.org])
    ▪ Jami (https://jami.net/ [Archive.org]) *
    ▪ Gajim/XMPP (https://gajim.org/ [Archive.org])


* Note that for Jami to work over Tor, you will have to enable the local DHTProxy option within Jami Settings. This will only work for text messages and not for calls/videos.


Note that these options (Briar, Cwtch, and OnionShare) do not support multi-devices (yet). Your information is strictly stored on the device/OS where you are setting it up. Do not use those on a non-persistent OS unless you want ephemeral use.


Any safe options for mobile devices? Yes, but these are not endorsed/recommended except Briar on Android. Remember also that this guide discourages the use of smartphones for sensitive activities in general.
• Android:
  o Briar (https://briarproject.org/ [Archive.org])
  o Cwtch (https://cwtch.im [Archive.org], warning: this is at the alpha/beta stage)


428 Privacyguides.org, File-Sharing https://privacyguides.org/software/file-sharing/ [Archive.org]

429 Privacyguides.org, Real-Time Communication https://privacyguides.org/software/real-time-communication/ [Archive.org]
• iOS:

  o Due to the lack of any better option and while it is normally not recommended: Session Messenger: https://getsession.org/ [Archive.org]. Why is it not recommended these days within the privacy community? Well, it is because they recently [430] dropped two key security features from their protocol: Perfect Forward Secrecy and Deniability, which are considered rather essential in most other apps. Yet Session has been audited [431] with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the Onion Routing Network used by Session) to endorse it. Session is still recommended by some like Techlore [432].


Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind 
the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM). 


While I do not recommend many of the messaging platforms for the various reasons outlined above (phone number and e-mail requirements), this does not mean it is not possible to use them anonymously if you know what you are doing. You can use even Facebook Messenger anonymously by taking the necessary precautions outlined in this guide (virtualization behind a Tor Gateway on a non-persistent OS).


The ones that are preferred are recommended due to their stance on privacy, their default settings, their crypto 
choices but also because they allow convenient anonymous sign-up without going through the many hassles of 
having a phone number/e-mail verification method and are open source. 


Those should be privileged in most cases. Yes, this guide has a Discord server and a Twitter account despite those not being recommended at all for their stance on privacy and their struggle with anonymity. But this is about me using them appropriately to make this guide available to many and conveniently, while having the experience and knowledge to do so as anonymously as possible.


I do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal, which to this date still requires a phone number to register and contact others. In the context of this guide, I strongly recommend against using Signal if possible.


How to share files publicly but anonymously: 
Warning: before sharing anything publicly, make sure your files are curated of any information that could 
compromise your identity. See Appendix B1: Checklist of things to verify before sharing information. 


Consider the following platforms: 


• Cryptpad.fr (https://cryptpad.fr/): Free tier limited to 1GB total and recommended by PrivacyGuides.org at https://privacyguides.org/providers/cloud-storage/ [Archive.org]

• AnonArchive (https://anonarchive.org/): free tier limited to 1GB total

• Filen (https://filen.io/): free tier limited to 10GB total


Consider the use of IPFS [433]:
• Pinata (https://www.pinata.cloud/): Free tier limited to 1GB total


Redacting Documents/Pictures/Videos/Audio safely: 
You might want to self-publish some information safely and anonymously in the form of writing, pictures, videos, ... 


For all these purposes here are a few recommendations: 
• Ideally, you should not use proprietary software such as Adobe Photoshop, Microsoft Office...
• Preferably, you should use open-source software instead such as LibreOffice, Gimp...


430 GetSession.org, The Session Protocol: What's changing — and why https://getsession.org/session-protocol-explained/ [Archive.org]

431 Quarkslab, Audit of Session Secure Messaging Application https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html [Archive.org]

432 Techlore, Top 5 BEST Messengers For Privacy https://www.youtube.com/watch?v=aVwl892hqb4 [Invidious]

433 Wikipedia, IPFS https://en.wikipedia.org/wiki/InterPlanetary_File_System [Wikiless] [Archive.org]

While the commercial alternatives are feature-rich, they are also proprietary closed-source and often have various issues such as:
• Sending telemetry information back to the company.
• Adding unnecessary metadata and sometimes watermarks to your documents.
• These apps are not free, and any leak of any metadata could be traced back to you since you had to buy these somewhere.


It is possible to use commercial software for making sensitive documents, but you should be extra careful with all 
the options in the various Apps (commercial or free) to prevent any data leak from revealing information about you. 


Here is a comparative table of recommended/included software compiled from various sources (PrivacyGuides.org, Whonix, Tails, Prism-Break.org, and me). Keep in mind my recommendation considers the context of this guide with only sporadic online presence and needs.


Type | Prism-Break.org | PrivacyGuides.org | Tails
Offline Document Editing | LibreOffice | N/A | LibreOffice* | LibreOffice
Online Document Editing (collaboration) | N/A | Cryptpad.fr | Cryptpad.fr, Etherpad.org, Privatebin.net
Pictures Editing | N/A | (illegible)
Audio Editing | Audacity
Video Editing | Flowblade | N/A | Flowblade (L) | OpenShot (?) | ShotCut (?)
Media Player | (illegible)
PDF Redaction | PDF-Redact Tools (L) | PDF-Redact Tools (L) | LibreOffice, PDF-Redact Tools (L)

This guide: LibreOffice, Notepad++ (Offline Document Editing); Cryptpad.fr, Etherpad.org, Privatebin.net (Online Document Editing); GIMP (Pictures Editing)

Legend: * Not recommended but mentioned. N/A = Not Included or absence of recommendation for that software 
type. (L)= Linux Only but can maybe be used on Windows/macOS through other means (HomeBrew, Virtualization, 
Cygwin). (?)= Not tested but open-source and could be considered. 





In all cases, I strongly recommend only using such applications from within a VM or Tails to prevent as much leaking as possible. If you do not, you will have to sanitize those documents carefully before publishing (see Removing Metadata from Files/Documents/Pictures).


Communicating sensitive information to various known organizations:
You might be interested in communicating information to some organization such as the press anonymously.


If you must do so, you should take some steps because you cannot trust any organization to protect your anonymity [434]. See Appendix B1: Checklist of things to verify before sharing information.


434 Praxis Films, Open Letter from Laura Poitras https://www.praxisfilms.org/open-letter-from-laura-poitras/ [Archive.org]
For this, I strongly recommend the use of SecureDrop [435] (https://securedrop.org/ [Archive.org]), which is an open-source project from the Freedom of the Press Foundation.
• Do take a moment to read their "source guide" here: https://docs.securedrop.org/en/stable/source.html [Archive.org]
• Ideally, you should use SecureDrop over Tor, and you will find a curated list of those here: https://github.com/alecmuffett/real-world-onion-sites#securedrop [Archive.org]


If no SecureDrop is available, you could consider any other means of communication, but you should privilege those that are encrypted end to end. Do not ever do this from your real identity but only from a secure environment using an anonymous identity.


Without SecureDrop, you could consider:
• Using e-mail with GPG encryption, provided your recipient has published a GPG key somewhere. You can look this up here:
  o On their verified social media accounts (Twitter) if they provided it.
  o On https://keybase.io (Tor address http://keybase5wmilwokairssclfnsqrjdsi7jdirswy7y7iu3tanwmtp6oid.onion)
  o On open PGP directories such as the following (be careful, as those are public directories and anyone can upload any key for any e-mail address; you will have to cross-check the signature with other platforms to be sure it is theirs):
    ▪ https://pgp.mit.edu/
    ▪ https://keyserver.ubuntu.com/
    ▪ https://keys.openpgp.org
• Using any other platform (even Twitter DMs) but again using GPG to encrypt the message for the recipient.


What you should avoid:
• Do not send any physical material using the postal service due to the risk of leaving DNA, fingerprints, or other traceable information (see Cash-Paid VPN (preferred)).
• Do not use methods linked to a phone number (even a burner one) such as Signal/WhatsApp/Telegram.
• Do not use any kind of voice/video communications.
• Do not leak any clues about your real identity when exchanging messages.
• Do not meet people in real life unless you have absolutely no other option (this is a last resort option).


If you intend to break your anonymity to protect your safety:
• Assess the risks very carefully first.
• Inform yourself carefully on the legality/safety of your intent and the consequences for you and others.
• Think about it carefully.
• Possibly reach out to a trusted lawyer before doing so.


Maintenance tasks:
• You should sign in carefully to your accounts from time to time to keep them alive.
• Check your e-mail regularly for security checks and any other account notification.
• Check regularly for the eventual appearance of a compromise of any of your identities using https://haveibeenpwned.com/ [Archive.org] (obviously from a safe environment).


Backing up your work securely:


Do not ever upload encrypted file containers with plausible deniability (hidden containers within them) to most cloud services (iCloud, Google Drive, OneDrive, Dropbox) without safety precautions. This is because most cloud services keep backups/versioning of your files, and such backups/versioning of your encrypted containers can be used for differential analysis to prove the existence of a hidden container.


Instead, this guide will recommend other methods of backing up your stuff safely.


435 Wikipedia, SecureDrop https://en.wikipedia.org/wiki/SecureDrop [Wikiless] [Archive.org]
Offline Backups:


These backups can be done on an external hard drive or a USB key. Here are the various possibilities. 


Selected Files Backups: 


Requirements:
For these back-ups, you will need a USB key or an external hard drive with enough storage capacity to store the files you want to back up.


Veracrypt:
For this purpose, I will recommend the use of Veracrypt on all platforms (Linux/Windows/macOS) for convenience, security, and portability.


Normal File containers:
The process is fairly simple, and all you will need is to follow the Veracrypt tutorial here: https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html [Archive.org]


In this container, you can then store sensitive data manually and/or use any backup utility you want to back up files from the OS to that container.


You can then store this container anywhere safely. 


Hidden File containers with plausible deniability: 
The process is also fairly simple and similar to the earlier tutorial except for this time you will use the Veracrypt 
wizard to create a Hidden Veracrypt Volume instead of a Standard Veracrypt Volume. 


You can create a Hidden volume within an existing Standard Volume or just use the wizard to create a new one. 


Let us say you want a container of 8GB. The Wizard will first create an "outer volume" where you will be able to store decoy information when prompted. Some decoy files (somewhat sensitive and plausible, but not what you want to hide) should be stored in the decoy volume.


Then Veracrypt will ask you to create a smaller hidden container (for instance 2GB or 4GB) within the outer volume 
where you can store your actual hidden files. 


When you select the file for mounting in Veracrypt, depending on which password you provide, it will mount either the outer decoy volume or the hidden volume.


You can then mount your hidden volume and use it to store sensitive files normally. 


Be careful when mounting the Outer decoy volume to update its content. You should protect the hidden volume 
from being overwritten when doing this as working in the decoy volume could overwrite data in the hidden 
volume. 


To do this, while mounting the Decoy Volume, select Mount Options, check the Protect hidden volume option and provide the hidden volume password on the same screen. Then mount the decoy volume. This will protect the hidden volume from being overwritten when changing the decoy files. This is also explained here in the Veracrypt documentation: https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html [Archive.org]


Be extremely cautious with these file containers:

• Do not store multiple versions of them or store them anywhere where some versioning is being done (by the file system or the storage system). These file containers should be identical everywhere you store them. If you have a backup of such containers somewhere, it needs to be absolutely identical to the one you are using. If you do not take this precaution, an adversary could compare two different versions of this container and prove the existence of hidden data. Follow carefully the recommendations here https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html [Archive.org]. Remember the Local Data Leaks and Forensics: section.

• I strongly recommend storing such containers on external USB keys that you will only mount from your guest VMs and never from your Host OS. After each modification to the file, you should clean the free space on the USB disk and make sure that any backup of such containers is absolutely identical on each key and your computer. See the How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives section of this guide for help on doing this.

• If you have time, I will even recommend that you delete/wipe the keys completely before making any modification on such containers (if you do not do it from the USB key directly). This is to prevent an adversary that would seize your assets before you could update the keys from having multiple versions of the containers that could lead to proving the existence of hidden data using forensics techniques.

• Do not ever store such containers on cloud storage platforms that have backups and where you have no direct control over permanent deletion. They might keep "old versions" of your files, which can then also be used by forensics to prove the existence of hidden data.

• If you are mounting the hidden volume from your Host OS (not recommended), you should erase all traces of this hidden volume everywhere after use. There could be traces in various places (system logs, file system journaling, recent documents in your applications, indexing, registry entries...). Refer to the Some additional measures against forensics section of this guide to remove such artifacts, especially on Windows. Instead, you should mount them on your Guest VMs. With VirtualBox for instance, you could take a snapshot of the VM before opening/working on the hidden volume and then restore that snapshot after use. This should erase the traces of its presence and mitigate the issue. Your Host OS might keep logs of the USB key being inserted but not of the hidden volume usage. Therefore, I do not recommend using these from your host OS.

• Do not store these on external SSD drives if you are not sure you can use Trim on them (see the Understanding HDD vs SSD section).


Full Disk/System Backups: 

TLDR version: Just use Clonezilla as it worked reliably and consistently with all my tests on all operating systems 
except for Macs where you should probably use native utilities (Time Machine/Disk utility instead) to avoid 
compatibility issues and since you are using Native macOS encryption. When using Windows, do not back up a 
partition containing a hidden OS in case you use Plausible Deniability (as explained before, this backup could allow 
an adversary to prove the existence of the hidden OS by comparing the last backup to the current system where data 
will have changed and defeat plausible deniability, use file containers instead). 


You will have two options here: 

• (Not recommended) Doing your backup from the live operating system using a backup utility (commercial utilities such as EaseUS Todo Free, Macrium Reflect... or native utilities like macOS Time Machine, QubesOS Backup, Ubuntu Déjà Dup, or Windows Backup...).

  o This backup can be done while the Operating System is running.

  o This backup will not be encrypted using the disk encryption but using the backup utility's own encryption algorithm, which you will have to trust and cannot really control much. Alternatively, you could encrypt the backup media yourself separately (for instance with Veracrypt). I am not aware of any free or non-free utility that natively supports Veracrypt.

o Some utilities will allow for differential/incremental backups instead of full backups. 

o These backup utilities will not be able to restore your encrypted drive as-is as they do not support 
those encrypted file systems natively. And so, these will require more work to restore your system in 
an encrypted state (re-encryption after restoring). 

e (Recommended) Doing it offline from a boot drive (such as with the free open-source Clonezilla). 

o This backup can only be done while the Operating System is not running. 

o This backup will back up the encrypted disk as-is and therefore will be encrypted by default with the 
same mechanism (it is more like a fire and forget solution). The restore will also restore the 
encryption as-is and your system will immediately be ready to use after a restore. 

o This method will not allow incremental/differential back-ups (meaning you will have to re-do a full 
backup every time). 

o This method is the easiest to manage. 


I made extensive testing using live backup utilities (Macrium Reflect, EaseUS Todo Reflect, Déjà Dup...) and personally I do not think it is worth it. Instead, I would recommend that you periodically back up your system with a simple Clonezilla image. It is much easier to perform, much easier to restore, and usually works reliably without issues in all cases. And contrary to many beliefs, it is not that slow, with most backups taking about an hour depending on the speed of your destination media.


For backing up single files while you work, | recommend using file containers or encrypted media directly and 
manually as explained in the earlier section. 


Requirements: 

You will need a separate external drive with at least the same or more free space available than your source disk. If your laptop has a 250GB disk, you will need at least 250GB of free disk space for the full image backup. Sometimes this will be reduced significantly by the backup utility's compression, but as a safety rule, you should have at least the same or more space on your backup drive.


Some general warnings and considerations: 
• If you use Secure Boot, you will need a backup utility that supports Secure Boot, which includes Clonezilla AMD64 versions.
• Consider the use of exFAT as the file system for your backup drives, as it will provide better compatibility between various OSes (macOS, Linux, and Windows) vs NTFS/HFS/ext4...


Linux:

Ubuntu (or any other distro of choice):

I recommend the use of the open-source Clonezilla utility for convenience and reliability, but there are many other native Linux utilities and methods you could use for this purpose.


So, you should follow the steps in Appendix E: Clonezilla


QubesOS:

Qubes OS recommends using their own utility for backups as documented here https://www.qubes-os.org/doc/backup-restore/ [Archive.org]. But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, I am also recommending just making a full image with Clonezilla, which will remove all the hassle and bring you back a working system in a few simple steps.


So, you should follow the steps in Appendix E: Clonezilla 


Windows: 
I will only recommend the use of the open-source and free Clonezilla utility for this purpose. There are commercial utilities that offer the same functionality, but I do not see any advantage in using any of them vs Clonezilla.


Some warnings:

• If you use Bitlocker for encryption with TPM [436] enabled, you might need to save your Bitlocker Key (safely) somewhere as well, as this might be needed to restore your drive if your HDD/SSD or other hardware parts change. Another option could be to use Bitlocker without the use of a TPM, which would not require this. But again, I do not recommend using Bitlocker at all.

• You should always have a backup of your Veracrypt rescue disk at hand somewhere to be able to resolve some issues that might still appear after a restore. Remember this rescue disk does not contain your passphrase or any sensitive information. You can store it as is.

• If you changed the HDD/SSD after a failure, Windows 10 may refuse to boot if your hard drive ID is changed. You should also save this ID before backing up, as you might need to change the ID of the new drive since Windows 10 might require a matching ID before booting. See Appendix F: Diskpart

• In case you are using Plausible Deniability on Windows, DO NOT back up the hidden OS partition, as this image could be used by forensics to prove the existence of the hidden volume as explained earlier. It is okay to back up the Decoy OS partition without issues, but you should never back up the partition containing the Hidden OS.


Follow the steps in Appendix E: Clonezilla 


436 Wikipedia, TPM https://en.wikipedia.org/wiki/Trusted_Platform_Module [Wikiless] [Archive.org]




macOS:

I would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided by Apple: https://support.apple.com/en-ie/guide/mac-help/mh21241/mac [Archive.org] and https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0 [Archive.org]


So, plug in an external drive and it should prompt you to use it as a Time Machine backup. 


You should however consider formatting this drive as exFAT so that it is also usable by other OSes conveniently (Windows/Linux) without added software, using this guide: https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac [Archive.org]


It is just simpler and will work online while you work. You will be able to recover your data on any other Mac from 
the recovery options and you will be also able to use this disk for backing up other devices. 


It is possible to also use Clonezilla to clone your Mac hard drive, but it could have compatibility issues and probably will not add much in terms of security, so I am not specifically recommending Clonezilla.


Online Backups:


Files:
This is a tricky one. The problem is that it depends on your threat model.

• TLDR: Do not store file containers with plausible deniability (Veracrypt) online. If you use containers with plausible deniability, you should never store them on any platform where you do not have full control over the deletion process, as the platform will most likely have backups of previous versions for some time. And again, these previous versions could allow forensics to prove the existence of hidden data and defeat plausible deniability. This includes platforms like DropBox, Google Drive, OneDrive, or others. The only acceptable online storage of those could be "cold storage" (meaning you will never change those files again and just keep them away untouched compared to any local version).

• If you use normally encrypted backups without plausible deniability, you could store them pretty much anywhere if they are properly encrypted locally before uploading (for example with Veracrypt, using strong passphrases and encryption). Do not ever trust the encryption of any online provider. Only trust your own local encryption (using Veracrypt for instance). For these cases, you could store your backups pretty much anywhere in the accounts of your online identities (iCloud, Google Drive, DropBox...) if they are strongly encrypted locally before uploading. But you could also prefer privacy caring services such as Cryptpad.fr (1GB).
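The differential-analysis risk behind the hidden-container precautions in the Offline Backups section above and behind the "cold storage" rule here can be made concrete with an added Python example (standard library only; this is not code from the guide or from VeraCrypt). It treats two versions of a container as opaque ciphertext, as an adversary would, checks whether copies are byte-identical by SHA-256 (the condition every stored copy of a hidden-volume container must meet), and for two non-identical versions reports which sector ranges differ. The sample "containers" are constructed random bytes; the names CONTAINER_SIZE, HIDDEN_SIZE, BACKUP_COPY and edit_hidden_file are mine, as is the modelling assumption that the hidden volume occupies the tail of the container (where VeraCrypt places it, in the free space at the end of the outer volume).

```python
"""Verify that copies of a file container are identical, and show what a
differential analysis of two versions reveals (added example)."""
import hashlib
import os

SECTOR = 512  # compare at sector granularity, the unit a disk forensic tool works in


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Stream a real container file so multi-gigabyte volumes do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def copies_identical(copies) -> bool:
    """True when every in-memory copy has the same digest: the only acceptable
    state for a hidden-volume container stored in more than one place."""
    return len({sha256_bytes(c) for c in copies}) == 1


def files_identical(paths) -> bool:
    """Same check for container files on disk (USB keys, backup drives)."""
    return len({sha256_file(p) for p in paths}) == 1


def differing_ranges(old: bytes, new: bytes, sector: int = SECTOR):
    """Byte ranges [(start, end), ...] whose sectors differ between two versions."""
    if len(old) != len(new):
        raise ValueError("sizes differ: the versions are distinguishable without any analysis")
    ranges, start = [], None
    for off in range(0, len(old), sector):
        same = old[off:off + sector] == new[off:off + sector]
        if not same and start is None:
            start = off
        elif same and start is not None:
            ranges.append((start, off))
            start = None
    if start is not None:
        ranges.append((start, len(old)))
    return ranges


def locate(ranges, container_size: int, hidden_size: int):
    """Label each range by whether it lies in the tail region where a hidden
    volume of the given size would live. Changes confined to that region while
    the decoy filesystem's area is untouched are exactly what an analyst looks for."""
    boundary = container_size - hidden_size
    return [("hidden region" if s >= boundary else "outer region", s, e) for s, e in ranges]


# Constructed sample: 64 KiB of random bytes stand in for an encrypted container
# whose last 16 KiB are the (assumed) hidden volume.
CONTAINER_SIZE = 64 * 1024
HIDDEN_SIZE = 16 * 1024
BACKUP_COPY = os.urandom(CONTAINER_SIZE)


def edit_hidden_file(container: bytes, hidden_size: int = HIDDEN_SIZE) -> bytes:
    """Simulate saving a file inside the hidden volume: two sectors in the tail
    region get new ciphertext (modelled here by flipping their bytes)."""
    buf = bytearray(container)
    start = len(buf) - hidden_size + 3 * SECTOR
    for i in range(start, start + 2 * SECTOR):
        buf[i] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    working_copy = edit_hidden_file(BACKUP_COPY)
    print("copies identical:", copies_identical([BACKUP_COPY, working_copy]))
    diff = differing_ranges(BACKUP_COPY, working_copy)
    print("differing sectors:", diff)
    print("where:", locate(diff, CONTAINER_SIZE, HIDDEN_SIZE))
```

Before copying a container to a second key or to cold storage, run `files_identical` over every copy you hold; any mismatch means the copies are no longer interchangeable, and if an adversary ever obtains two of them, the sector list produced by `differing_ranges` is exactly what they would examine.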


Obviously, do not ever do/access those backups from unsecured/unsafe devices but only from the secure environments you picked before.


Self-hosting: 
Self-hosting (using Nextcloud for instance) is also a possibility provided you do have an anonymous hosting 


Please see Appendix A1: Recommended VPS hosting providers. 
Please also consider Appendix B2: Monero Disclaimer. 


Cloud-hosting: 
For smaller files, consider: 


• Cryptpad.fr (https://cryptpad.fr/): Free tier limited to 1GB total and recommended by PrivacyGuides.org at https://privacyguides.org/providers/cloud-storage/ [Archive.org]

• AnonArchive (https://anonarchive.org/): free tier limited to 1GB total

• Filen (https://filen.io/): free tier limited to 10GB total


For larger files, consider any online storage hosting platform accepting Monero payments such as the providers mentioned before.




If you do intend to store sensitive data on "mainstream platforms" (Dropbox, Google Drive, OneDrive...), remember not to ever store plausible deniability containers on those and remember to encrypt and check (for metadata...) anything locally before uploading there, either with software like Veracrypt or with software like Cryptomator (https://cryptomator.org/). Do not ever upload non-encrypted files on those platforms and, again, only access them from a secure shielded VM.


Information:
If you just want to save information (text), I will recommend the use of secure and private pastebins [437]. Mostly I will stick to the ones recommended by PrivacyGuides.org (https://privacyguides.org/providers/paste/ [Archive.org]):

• https://privatebin.info/
• https://cryptpad.fr/pad/


On these providers, just create a pad, protect it with a password and write the information you want to store in it.
Remember the address of the pad and its password.


Synchronizing your files between devices online:
To that, the answer is very simple and a clear consensus for everyone: https://syncthing.net/ [Archive.org]


Just use Syncthing. It is the safest and most secure way this guide knows of to synchronize between devices, it is free
and open-source, and it can easily be used in a portable way without installation, for instance from inside the
encrypted container that needs syncing.


Covering your tracks: 
Understanding HDD vs SSD: 


(Illustration: an HDD with its platters, spindle, read/write head, actuator arm, actuator axis and actuator, next to an
SSD with its cache, controller and NAND flash memory.)

If you intend to wipe your whole HDD laptop, the process is rather straightforward. The data is written at a precise
location on a magnetic (hard) platter (which is why it is called a hard drive) and your OS knows precisely where it is on the
platter, where to delete it, and where to overwrite it for secure deletion using simple processes (like just overwriting
that location over and over until the traces are gone).


On the other hand, if you are using an SSD drive, the process is not as simple, as the drive uses several internal
mechanisms to extend its lifespan and performance. Three of those processes are of particular interest for this
guide. SSD drives are themselves divided into two main categories:

• ATA drives (usually SATA and usually 2.5” format as in the image above).

• NVMe drives (usually M.2 format as in the illustration below).


Here are examples of the most common formats: 


437 Wikipedia, Pastebin https://en.wikipedia.org/wiki/Pastebin [Wikiless] [Archive.org]
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The methods and utilities to manage/wipe them will vary depending on the type of drive you are using. So, it is 
important that you know which one you have inside your laptop.


On most recent laptops, chances are high that it will be one of the middle options (M.2 SATA or M.2 NVMe). 


Wear-Leveling:

These drives use a technique called wear leveling [438]. At a high level, wear leveling works as follows. The space on
every disk is divided into blocks that are themselves divided into pages, like the chapters in a book are made of
pages. When a file is written to disk, it is assigned to a certain set of pages and blocks. If you wanted to overwrite the
file on an HDD, then all you would have to do is tell the disk to overwrite those blocks. But in SSDs and USB drives,
erasing and re-writing the same block can wear it out. Each block can only be erased and rewritten a limited number
of times before that block just will not work anymore (the same way that if you keep writing and erasing with a pencil
on paper, eventually the paper might rip and be useless). To counteract this, SSDs and USB drives will try to make
sure that the number of times each block has been erased and rewritten is about the same so that the drive will last
as long as possible (thus the term wear leveling). As a side effect, sometimes instead of erasing and writing the block
a file was originally stored on, the drive will instead leave that block alone, mark it as invalid, and just write the
modified file to a different block. This is like leaving the chapter in the book unchanged, writing the modified file on a
different page, and then just updating the book's table of contents to point to the new location. All of this occurs at a
very low level in the electronics of the disk, so the operating system does not even realize it has happened. This
means, however, that even if you try to overwrite a file, there is no guarantee the drive will actually overwrite it, and
that’s why secure deletion with SSDs is so much harder.


Wear-leveling alone can therefore be a disadvantage for security and an advantage for adversaries such as forensic
examiners. It makes classic “secure deletion” (overwriting in place) counter-productive and useless, and is why Apple
removed the “Secure Empty Trash” option from macOS as of version 10.11 El Capitan, where you could previously
enable it for the Trash.


Most of those old secure deletion utilities were written with HDDs in mind, have no control over wear-leveling
and are completely pointless when using an SSD. Avoid them when using an SSD drive.
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(daily, weekly, monthly...). This Trim command tells the SSD controller which pages within blocks hold
data that is now free to be really erased; it does not erase anything itself.


Trim should be enabled by default on all modern operating systems covered in this guide when they detect an SSD
drive (macOS, Windows 10, Ubuntu, Qubes OS...).


438 Wikipedia, Wear Leveling https://en.wikipedia.org/wiki/Wear_leveling [Wikiless] [Archive.org]
439 Wikipedia, Trim https://en.wikipedia.org/wiki/Write_amplification#TRIM [Wikiless] [Archive.org]
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the blocks and pages will be occupied by data. Your OS will not see this and will just see free space as you delete
files, but your SSD controller will not (this is called write amplification [440]). This will then force the SSD controller to
erase those pages and blocks on the fly, which reduces write performance. This is because while your OS/SSD
can write data to any free page in any block, erasure is only possible on entire blocks, therefore forcing your SSD to
perform many operations to write new data. Overwriting in place is just not possible. This will defeat the wear-leveling
system and cause performance degradation of your SSD over time. Every time you delete a file on an SSD, your OS
should issue a Trim command along with the deletion to let the SSD controller know the pages containing the file
data are now free for deletion.


So, Trim itself does not delete any data but just marks it for deletion. Data deleted without using Trim (if Trim has
been disabled/blocked/delayed for instance) will still be deleted at some point by the SSD garbage collection, or when
you overwrite what the OS sees as free space. But it might stick around for a bit longer than if you use Trim.


Here is an illustration from Wikipedia showing how it works on an SSD drive (the figure shows the pages of a block
going from free, to written, to stale, to erased; its three captions read):

1. Four pages (A-D) are written to a block (X). Individual pages can be written at any time if they are currently
free (erased).
2. Four new pages (E-H) and four replacement pages (A’-D’) are written to the block (X). The original A-D pages
are now invalid (stale) data, but cannot be overwritten until the whole block is erased.
3. In order to write to the pages with stale data (A-D) all good pages (E-H & A’-D’) are read and written to a new
block (Y) then the old block (X) is erased. This last step is garbage collection.





As you can see in the above illustration, data (from a file) will be written to the first four pages of block X. Later new
data will be written to the remaining pages and the data from the first file will be marked as invalid (for instance by
a Trim operation when deleting a file). As explained on https://en.wikipedia.org/wiki/Trim_(computing) [Wikiless]
[Archive.org], the erase operation can only be done on entire blocks (and not on single pages).


In addition to marking pages for deletion, reputable SSD drives usually make trimmed data unreadable through the
drive interface using a method called “Deterministic Read After Trim” (DRAT) or “Deterministic Zeroes After Trim”
(DZAT). This means that if an adversary reads a trimmed page/block through the normal SATA/NVMe interface, even
before garbage collection has run, the controller returns fixed data (zeros with DZAT) rather than the old content.
Note that this only covers reads through the interface: the bytes are still physically present in the NAND until the
block is erased, which is what the factory-access-mode and chip-off acquisition approaches referenced below try to
exploit.


Trim is your ally and should always be enabled when using an SSD drive; it should offer sufficiently reasonable
protection. This is also the reason you should not use Veracrypt plausible deniability on a Trim-enabled SSD, as
this feature is incompatible with Trim [441].


Garbage Collection:
Garbage collection [442] is an internal process running within your SSD drive that looks for data marked for erasure.


This process is done by the SSD controller and you have no control over it. If you go back to the illustration above,


440 Wikipedia, Write Amplification https://en.wikipedia.org/wiki/Write_amplification [Wikiless] [Archive.org]
441 Wikipedia, Trim Disadvantages https://en.wikipedia.org/wiki/Trim_(computing)#Disadvantages [Wikiless] [Archive.org]
442 Wikipedia, Garbage Collection https://en.wikipedia.org/wiki/Write_amplification#Garbage_collection [Wikiless] [Archive.org]
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you will see that garbage collection is the last step: the controller notices that some pages are marked for deletion in a
specific block, copies the valid pages (not marked for deletion) to a different free destination block, and is then
able to erase the source block entirely.


Garbage collection in itself does NOT require Trim to function, but it will be much faster and more efficient if Trim is
performed. Garbage collection is one of the processes that will actually erase data from your SSD drive permanently.


Conclusion:
So, the fact is that it is very unlikely [443][444] and difficult for a forensic examiner to be able to recover data from a
trimmed SSD, but it is not completely impossible either [445][446][447] if they are fast enough and have access to extensive
equipment, skills, and motivation [448].


Within the context of this guide, which also uses full disk encryption, deletion and Trim should be reasonably secure
enough on any SSD drive and will be recommended as the standard method of deletion.
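To make the preceding mechanics concrete, here is a small simulation, added to this guide as an illustration; it is not part of the original text nor a model of any real controller firmware. It implements a toy flash translation layer with a 3-block, 4-page geometry and a "least-erased block first" placement policy (both assumptions chosen here), and walks one secret through an in-place overwrite, a Trim and a garbage collection pass, reporting what the host can read through the interface versus what is still physically present in the NAND:

```python
"""Toy flash-translation-layer (FTL) model: why an in-place overwrite on an SSD
does not physically overwrite anything, what Trim changes, and what only garbage
collection (a block erase) removes. Added illustration for this guide, not a real
controller; geometry and placement policy are assumptions."""

PAGES_PER_BLOCK = 4  # assumption: tiny geometry so a full NAND dump fits on screen


class ToySSD:
    def __init__(self, blocks=3, drat=True):
        self.nand = [[None] * PAGES_PER_BLOCK for _ in range(blocks)]  # None == erased
        self.stale = [[False] * PAGES_PER_BLOCK for _ in range(blocks)]
        self.l2p = {}                 # logical block address -> (block, page)
        self.erase_count = [0] * blocks
        self.drat = drat              # Deterministic Read After Trim (zeros) on/off

    def _free_page(self, exclude=None):
        # Wear leveling: place new data in the least-erased block that has room.
        for b in sorted(range(len(self.nand)), key=lambda i: self.erase_count[i]):
            if b == exclude:
                continue
            for p in range(PAGES_PER_BLOCK):
                if self.nand[b][p] is None:
                    return b, p
        raise RuntimeError("no free page; garbage_collect() first")

    def write(self, lba, data):
        # An "overwrite" never touches the old page: it is only marked stale and
        # the new data goes to a free page, possibly in another block.
        if lba in self.l2p:
            ob, op = self.l2p[lba]
            self.stale[ob][op] = True
        b, p = self._free_page()
        self.nand[b][p] = data
        self.l2p[lba] = (b, p)

    def trim(self, lba):
        # Trim unmaps the LBA and marks its page stale; the bytes stay in NAND.
        if lba in self.l2p:
            b, p = self.l2p.pop(lba)
            self.stale[b][p] = True

    def read(self, lba):
        # What the host sees through SATA/NVMe: unmapped LBAs read as zeros under
        # DRAT/DZAT even while the old bytes are still physically present.
        if lba in self.l2p:
            b, p = self.l2p[lba]
            return self.nand[b][p]
        return b"\x00" if self.drat else None

    def garbage_collect(self):
        # For each block holding stale pages: relocate its live pages elsewhere,
        # then erase the whole block. Only this step destroys the stale bytes.
        for b in range(len(self.nand)):
            if not any(self.stale[b]):
                continue
            for lba, (lb, lp) in list(self.l2p.items()):
                if lb == b:
                    nb, np_ = self._free_page(exclude=b)
                    self.nand[nb][np_] = self.nand[lb][lp]
                    self.l2p[lba] = (nb, np_)
            self.nand[b] = [None] * PAGES_PER_BLOCK
            self.stale[b] = [False] * PAGES_PER_BLOCK
            self.erase_count[b] += 1

    def raw_dump(self):
        # What a chip-off or factory-access-mode read sees: every programmed page,
        # whether or not it is still mapped.
        return [pg for blk in self.nand for pg in blk if pg is not None]


def demo():
    """Walk one secret through overwrite, Trim and GC; return what each step shows."""
    ssd = ToySSD()
    secret = b"SECRET"
    ssd.write(0, secret)
    ssd.write(0, b"XXXXXX")          # HDD-style "secure overwrite" of the same LBA
    seen_after_overwrite = secret in ssd.raw_dump()
    ssd.trim(0)                      # file deleted, OS issues Trim for its LBAs
    host_read_after_trim = ssd.read(0)
    seen_after_trim = secret in ssd.raw_dump()
    ssd.garbage_collect()            # controller erases the block in the background
    seen_after_gc = secret in ssd.raw_dump()
    ssd.write(1, b"new")             # wear leveling now steers writes to a fresher block
    return {
        "secret_in_nand_after_overwrite": seen_after_overwrite,  # True
        "host_read_after_trim": host_read_after_trim,            # b"\x00"
        "secret_in_nand_after_trim": seen_after_trim,            # True
        "secret_in_nand_after_gc": seen_after_gc,                # False
        "next_write_block": ssd.l2p[1][0],                       # 1
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Run it and note the order of events: the HDD-style overwrite leaves the original page intact, Trim makes the host read zeros (DRAT) while the bytes are still in the dump, and only the block erase performed by garbage collection removes them; the following write then lands in block 1, because block 0 now carries the higher erase count.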


How to securely wipe your whole Laptop/Drives if you want to erase everything:


(Image: the “Nuke it from orbit. It's the only way to be sure.” meme.)


So, you want to be sure. To get as close as possible to a certain wipe of an SSD drive, we will need to use SSD-specific
techniques (if you are using an HDD drive, skip this part and go to your OS of choice):
• Easy options for less experienced users:
  o If available, just use the Secure Erase option available from your BIOS/UEFI (ATA/NVMe Secure Erase
or Sanitize).
  o Just re-install a fresh operating system (delete/quick format the drive) and re-encrypt it. The full disk
encryption process should overwrite all previous data on the disk (provided it encrypts the whole drive,
free space included).
  o Buy PartedMagic [449] for 11$ and use it to erase any disk.


• More advanced options:


443 Techgage, Too TRIM? When SSD Data Recovery is Impossible
https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/ [Archive.org]

444 ResearchGate, Live forensics method for acquisition on the Solid-State Drive (SSD) NVMe TRIM function
https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function [Archive.org]

445 ElcomSoft, Life after Trim: Using Factory Access Mode for Imaging SSD Drives
https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/ [Archive.org]

446 Forensic Focus, Forensic Acquisition Of Solid State Drives With Open Source Tools
https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/ [Archive.org]

447 ResearchGate, Solid State Drive Forensics: Where Do We Stand?
https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand [Archive.org]

448 BleepingComputer, https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/ [Archive.org]
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  o ATA/NVMe Secure Erase: what this does exactly is implementation-specific. On many SSDs it resets the
mapping table that keeps track of where data sits in the storage blocks (and/or the drive's internal encryption key)
rather than erasing every block: the data becomes unreadable through the drive interface but may physically remain
in the flash until garbage collection erases it.

  o ATA/NVMe Sanitize Crypto Scramble (aka Instant Secure Erase, Crypto Erase), which applies to self-
encrypting SSD drives: this method changes the encryption key of the self-encrypting SSD drive
and renders all the data stored on it unreadable.

  o ATA/NVMe Sanitize Block Erase: this method performs an actual block erase on every storage block
and will destroy the data and change the encryption key if present.

  o ATA/NVMe Sanitize Overwrite (terribly slow, could be dangerous and not recommended): this
method performs a block erase and then overwrites every storage block (it is the same as Block Erase
but will overwrite data in addition). This method is overkill and not necessary IMHO.

• Physical destruction:
  o HDDs:
    1. Open the drive (with a screwdriver, usually Torx T8)
    2. Remove the platters (with a screwdriver, usually Torx T6)
    3. Rub the platters with a rare earth magnet (note that a handheld magnet is not a degausser and will not
reliably erase modern high-coercivity platters; the following steps are what actually matter)
    4. Break/deform/crush the platters
    5. Burn them
    6. Separate the debris
    7. Throw it away in separate places
  o SSDs:
    1. Open the drive
    2. Break/crush the board and the memory chips
    3. Burn them
    4. Separate the debris
    5. Throw it away in separate places
  o Bonus: See https://www.youtube.com/watch?v=-bpX8YvNge6V [Invidious]


For maximum overkill paranoia security, the Sanitize Block Erase option should be preferred, but Secure Erase is probably
more than enough considering your drive is already encrypted. Unfortunately, there are no free, easy (bootable with
a graphical menu) all-in-one tools available and you will be left with either the drive manufacturers' tools, the free
manual hdparm [450] and nvme-cli [451] utilities, or a commercial tool such as PartedMagic.


This guide will therefore recommend the use of the free utilities hdparm and nvme-cli from a System Rescue live
system.


If you can afford it, just buy Parted Magic for 11$, which provides an easy-to-use graphical tool for wiping SSD drives
using the option of your choice [452][453].


Note: Again, before proceeding, you should check your BIOS/UEFI as some will offer a built-in tool to securely erase
your drive (ATA/NVMe Secure Erase or ATA/NVMe Sanitize). If this is available, you should use that, and the
following steps will not be necessary. Check this before going ahead to avoid the hassle (see Appendix M:
BIOS/UEFI options to wipe disks in various Brands).
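Before pointing hdparm or nvme-cli at a drive, three things need checking: that the target is the whole disk and not a partition, whether the drive is in the ATA “frozen” state (many BIOS/UEFI firmwares freeze the security feature set at boot, and a frozen drive refuses erase commands), and which erase mechanisms the drive actually advertises. The following script, added here as an example and not part of this guide's appendices nor of either tool, reads those facts out of the text printed by `hdparm -I` (SATA) and `nvme id-ctrl` (NVMe) and returns the command sequence to run. The two sample outputs are constructed, the device names are placeholders, and the erase commands are the documented hdparm and nvme-cli invocations (NVMe `--sanact=2` is block erase and `--sanact=4` crypto erase; `nvme format --ses=1` is user-data erase and `--ses=2` crypto erase). Check your hdparm version's man page, since newer builds may additionally require their `--yes-i-know-what-i-am-doing` confirmation flag for the sanitize commands.

```python
"""Choose a secure-erase path from what `hdparm -I` (SATA) and `nvme id-ctrl`
(NVMe) print. Added example for this guide: sample outputs are constructed,
device names are placeholders, command lines are the documented hdparm /
nvme-cli invocations (see `man hdparm` for any extra confirmation flag)."""
import re

SANICAP_CES, SANICAP_BES = 0x1, 0x2  # NVMe SANICAP bits: crypto erase / block erase
FNA_CRYPTO_ERASE = 0x4               # NVMe FNA bit 2: Format NVM crypto erase supported
OACS_FORMAT_NVM = 0x2                # NVMe OACS bit 1: Format NVM command supported
PARTITION_RE = re.compile(r"^/dev/(?:sd[a-z]+\d+|nvme\d+n\d+p\d+|mmcblk\d+p\d+)$")

# Constructed samples in the layout the two tools use (not captured from a real drive).
HDPARM_SAMPLE = """\
/dev/sdb:
Commands/features:
\t   *\tDeterministic read ZEROs after TRIM
\t   *\tSANITIZE feature set
\t   *\tBLOCK_ERASE_EXT command
Security:
\t\tsupported
\tnot\tenabled
\tnot\tfrozen
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""
NVME_SAMPLE = """\
NVME Identify Controller:
mn        : Example NVMe SSD
oacs      : 0x17
fna       : 0x4
sanicap   : 0x2
"""


def is_whole_disk(dev):
    """Secure erase and sanitize act on the whole device; refuse partition nodes."""
    return PARTITION_RE.match(dev) is None


def parse_hdparm_identify(text):
    """Pull the Security-section flags and sanitize capabilities out of `hdparm -I`."""
    sec, in_sec = [], False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_sec = True
        elif in_sec and line and not line[0].isspace():
            in_sec = False                        # next top-level section
        elif in_sec:
            sec.append(" ".join(line.split()))    # "not\tfrozen" -> "not frozen"
    return {
        "security_supported": "supported" in sec,
        "security_enabled": "enabled" in sec,    # a password is already set
        "frozen": "frozen" in sec,               # firmware froze it: erase will fail
        "enhanced_erase": "supported: enhanced erase" in sec,
        "sanitize_block_erase": "BLOCK_ERASE_EXT command" in text,
        "drzat": "Deterministic read ZEROs after TRIM" in text,
    }


def plan_ata(dev, info, password="Erase1"):
    """Commands to run, or one '#'-prefixed line explaining why you cannot yet."""
    if not is_whole_disk(dev):
        return [f"# {dev} is a partition; erase the whole-disk node instead"]
    if info["frozen"]:
        return [f"# {dev} is frozen; suspend/resume or hot re-plug it, then re-check hdparm -I"]
    if info["sanitize_block_erase"]:
        return [f"hdparm --sanitize-block-erase {dev}", f"hdparm --sanitize-status {dev}"]
    if info["security_supported"] and not info["security_enabled"]:
        erase = "--security-erase-enhanced" if info["enhanced_erase"] else "--security-erase"
        # A temporary user password is required; the erase itself clears it again.
        return [f"hdparm --user-master u --security-set-pass {password} {dev}",
                f"hdparm --user-master u {erase} {password} {dev}"]
    return [f"# {dev}: no ATA erase path; use the vendor tool or re-encrypt the whole drive"]


def parse_nvme_id_ctrl(text):
    """Turn `nvme id-ctrl` 'field : value' lines into a dict (ints where they parse)."""
    fields = {}
    for m in (re.match(r"^\s*(\w+)\s*:\s*(\S+)", line) for line in text.splitlines()):
        if m:
            try:
                fields[m.group(1)] = int(m.group(2), 0)
            except ValueError:
                fields[m.group(1)] = m.group(2)
    return fields


def plan_nvme(ctrl, ns, fields):
    """Prefer Sanitize (controller-wide, survives resets) over Format NVM."""
    if not is_whole_disk(ns):
        return [f"# {ns} is a partition; use the namespace node instead"]
    sanicap, fna, oacs = (fields.get(k, 0) for k in ("sanicap", "fna", "oacs"))
    if sanicap & SANICAP_BES:
        return [f"nvme sanitize {ctrl} --sanact=2", f"nvme sanitize-log {ctrl}"]
    if sanicap & SANICAP_CES:
        return [f"nvme sanitize {ctrl} --sanact=4", f"nvme sanitize-log {ctrl}"]
    if oacs & OACS_FORMAT_NVM:
        return [f"nvme format {ns} --ses={2 if fna & FNA_CRYPTO_ERASE else 1}"]
    return [f"# {ctrl}: neither Sanitize nor Format NVM advertised; use the vendor tool"]
```

The frozen case is the one that trips people up on laptops: the usual fix is to suspend and resume (or hot re-plug the drive) so the firmware's freeze lock is lifted, then re-run `hdparm -I` and confirm it now says “not frozen”. For NVMe, Sanitize is preferred over Format NVM because it is controller-wide and persists across resets and power loss until complete; `nvme sanitize-log` reports its progress.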


Linux (all versions including Qubes OS):


System/Internal SSD:
• Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option
(“ATA/NVMe Secure Erase” or “ATA/NVMe Sanitize”). Do not use wipe with passes on an SSD drive.
• Option B: See Appendix D: Using System Rescue to securely wipe an SSD drive.


449 Wikipedia, Parted Magic https://en.wikipedia.org/wiki/Parted_Magic [Wikiless] [Archive.org]
450 Wikipedia, hdparm https://en.wikipedia.org/wiki/Hdparm [Wikiless] [Archive.org]
451 GitHub, nvme-cli https://github.com/linux-nvme/nvme-cli [Archive.org]
452 PartedMagic Secure Erase, https://partedmagic.com/secure-erase/ [Archive.org]
453 Partedmagic NVMe Secure Erase, https://partedmagic.com/nvme-secure-erase/ [Archive.org]
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• Option C: Wipe your disk and re-install Linux with new full disk encryption to overwrite all sectors with new
encrypted data. This method will be terribly slow compared to Options A and B as it will slowly overwrite
your whole SSD. Also note that this is not always the default behavior with LUKS: some installers only encrypt
what they write. Look for an option to also overwrite/encrypt the empty space; otherwise the old data in that free
space is not touched and the drive is not effectively wiped.


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


External SSD: 
First please see Appendix K: Considerations for using external SSD drives 


Trim should be sufficient in most cases and you could just use the blkdiscard command to force an entire-device trim
as explained here: https://wiki.archlinux.org/index.php/Solid_state_drive#Trim_an_entire_device [Archive.org]
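How to tell whether the kernel actually sees discard support on the external device before trusting Trim or running blkdiscard (which discards every block of the device, so only use it on a drive you mean to wipe): the columns printed by `lsblk -lno NAME,DISC-GRAN,DISC-MAX,TYPE` are zero when the device, or the USB bridge in front of it, does not pass discard through. The following helper, an example added here rather than part of the guide or of lsblk, parses that output; the sample lines are constructed and the device names are placeholders.

```python
"""Check discard (Trim) support and whole-disk vs partition from the four columns
`lsblk -lno NAME,DISC-GRAN,DISC-MAX,TYPE` prints, before relying on fstrim or
blkdiscard. Added example for this guide; sample output is constructed."""

# Constructed sample of `lsblk -lno NAME,DISC-GRAN,DISC-MAX,TYPE` (placeholder devices).
LSBLK_SAMPLE = """\
sda         0B   0B disk
sda1        0B   0B part
sdb       512B   2G disk
sdb1      512B   2G part
nvme0n1   512B   2T disk
nvme0n1p1 512B   2T part
"""


def parse_lsblk_discard(text):
    """Map device name -> (discard supported, type) from the four-column output."""
    devices = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        name, gran, dmax, dtype = parts
        # A zero discard granularity/maximum means the kernel found no discard
        # support: typical for an HDD or a USB-SATA bridge that drops UNMAP.
        devices[name] = (gran != "0B" and dmax != "0B", dtype)
    return devices


def trim_plan(name, devices):
    """What to do for this device: blkdiscard it, go up to the disk, or fall back."""
    if name not in devices:
        return f"# {name}: not listed; check the device name"
    supported, dtype = devices[name]
    if dtype != "disk":
        return f"# {name} is a {dtype}; apply the trim to the whole-disk node instead"
    if not supported:
        return f"# {name}: no discard support; fill free space or decrypt/re-encrypt the whole drive"
    return f"blkdiscard /dev/{name}"


if __name__ == "__main__":
    table = parse_lsblk_discard(LSBLK_SAMPLE)
    for dev in ("sda", "sdb", "sdb1", "nvme0n1"):
        print(trim_plan(dev, table))
```

In the sample, sda is an HDD (or an SSD behind a bridge that drops UNMAP) and gets the fill-free-space fallback, while sdb and nvme0n1 are eligible for blkdiscard; sdb1 is refused because, as this guide repeats, a Trim meant as a wipe must be issued against the whole physical drive and not a partition.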


If your USB controller and USB SSD disk support Trim and ATA/NVMe secure erase, you could wipe them cautiously
using hdparm with the same method as for the system disk above, except that you will obviously not install Linux on it.
Keep in mind though that this is not recommended (see the considerations above): many USB-to-SATA bridges do not
pass these commands through.


If it does not support Trim and/or ATA secure erase, you could (not securely) wipe the drive normally (without
passes, unlike an HDD) and re-encrypt it completely using your utility of choice (LUKS or Veracrypt for instance). The full
disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure
wipe.


Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom
data, which should also ensure secure deletion (this can be done with BleachBit
https://www.bleachbit.org/download/linux [Archive.org] or from the command line using secure-delete following this
tutorial https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux [Archive.org]).


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


Internal/System HDD:
• Option A: Check if your BIOS/UEFI has a built-in option and if it does, use the correct option
(Wipe + Passes in the case of an HDD).
• Option B: See Appendix I: Using ShredOS to securely wipe an HDD drive
• Option C: Wipe your disk and re-install Linux with new full disk encryption to overwrite all sectors with new
encrypted data. This method will be terribly slow compared to Options A and B as it will slowly overwrite
your whole HDD.


External/Secondary HDD and Thumb Drives:
• Option A: Follow one of these tutorials:
  o https://linuxhint.com/completely_wipe_hard_drive_ubuntu/ [Archive.org]
  o https://linoxide.com/linux-command/commands-wipe-disk-linux/ [Archive.org]
  o https://wiki.archlinux.org/index.php/Securely_wipe_disk [Archive.org]
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• Option B: Install and use BleachBit https://www.bleachbit.org/download/linux [Archive.org] or follow this EFF
tutorial https://ssd.eff.org/en/module/how-delete-your-data-securely-linux [Archive.org]
• Option C: See Appendix I: Using ShredOS to securely wipe an HDD drive


Windows: 

Unfortunately, you will not be able to wipe your Host OS using the Microsoft built-in tools within the settings. This is 
because your bootloader was modified with Veracrypt and will make the operation fail. In addition, this method 
would not be effective with an SSD drive. 
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System/Internal SSD:

• Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option
(“ATA/NVMe Secure Erase” or “ATA/NVMe Sanitize”). Do not use wipe with passes on an SSD drive.

• Option B: Check Appendix J: Manufacturer tools for Wiping HDD and SSD drives.

• Option C: See Appendix D: Using System Rescue to securely wipe an SSD drive.

• Option D: Wipe your disk and re-install Windows before performing new full disk encryption (using Veracrypt
or Bitlocker) to overwrite all sectors with new encrypted data. This method will be slower compared to
Options A and B as it will overwrite your whole SSD.


Keep in mind all these options need to be applied on the entire physical drive and not on a specific
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.


External SSD:
First please see Appendix K: Considerations for using external SSD drives


Use the manufacturer-provided tools if possible. Those tools should provide support for safe secure erase or sanitize
over USB and are available for most brands: See Appendix J: Manufacturer tools for Wiping HDD and SSD drives.


If you are not sure about the Trim support on your USB disk, (not securely) wipe it normally (a simple quick format will
do) and then encrypt the disk again using Veracrypt or Bitlocker. The full disk decryption and re-encryption process
will overwrite the entirety of the SSD disk and should ensure a secure wipe.


Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom
data, which should also ensure secure deletion (this can be done with the BleachBit or PrivaZer free space erase options).
See Extra Tools Cleaning.


Keep in mind all these options need to be applied on the entire physical drive and not on a specific
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.


Internal/System HDD:
• Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option (Wipe +
Passes).
• Option B: Check Appendix J: Manufacturer tools for Wiping HDD and SSD drives
• Option C: See Appendix I: Using ShredOS to securely wipe an HDD drive


External/Secondary HDD and Thumb Drives:
• Option A: Check Appendix J: Manufacturer tools for Wiping HDD and SSD drives
• Option B: Use external tools such as:
  o Eraser (open-source): https://eraser.heidi.ie/download/ [Archive.org]
  o KillDisk Free: http://killdisk.com/killdisk-freeware.htm [Archive.org]
• Option C: See Appendix I: Using ShredOS to securely wipe an HDD drive


macOS:

System/Internal SSD:

Unfortunately, the macOS Recovery Disk Utility will not be able to perform a secure erase of your SSD drive, as stated
in Apple's documentation https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac [Archive.org]


In most cases, if your disk was encrypted with FileVault and you just perform a normal erase, it should be “enough”
according to them. It is not according to me, so you have no option besides re-installing macOS and re-encrypting
it with FileVault again after re-installing. This should perform a “crypto erase” by overwriting your earlier install and
encryption. This method will be quite slow, unfortunately.


If you want a faster secure erase (or have no time to perform a re-install and re-encryption), you can try using
the method described in Appendix D: Using System Rescue to securely wipe an SSD drive (this will not work on M1
Macs). Be careful though, as this will also erase your recovery partition, which is needed to reinstall macOS.
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External SSD:
First please see Appendix K: Considerations for using external SSD drives


If your USB controller and USB SSD disk support Trim and ATA secure erase, and if Trim is enabled on the disk by
macOS, you can just wipe the whole disk normally and data should not be recoverable on recent disks.


If you are not sure about Trim support or want more certainty, you can (not securely) wipe it using macOS Disk Utility
before fully re-encrypting it again using these two tutorials from Apple:
• https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac
[Archive.org]
• https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac
[Archive.org]
or using Veracrypt full disk encryption.


The full disk re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe.


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


External HDD and Thumb Drives:

Follow this tutorial: https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-
dskutl14079/mac [Archive.org] and use the secure erase option from Disk Utility, which should work fine on HDDs and
thumb drives.


How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:
The same principles from the earlier chapters apply to this one. The same issues arise too.


With an HDD drive, you can securely delete files by just deleting them and then applying one or more “passes” to
overwrite the data in question. This can be done with many utilities on all OSes.


With an SSD drive, however, again everything becomes a bit complicated because you are never sure anything is
really deleted due to wear leveling, reliance on the Trim operation, and garbage collection of the drive. An adversary
that has the decryption key of your SSD (whether it is LUKS, FileVault 2, Veracrypt, or Bitlocker) could unlock your
drive and then attempt a recovery using classic recovery utilities [454] and could succeed if the data were not trimmed
properly. But this is again highly unlikely.


Since the Trim operation is not continuous on most recent drives but scheduled, simply forcing a Trim
operation should be enough. But again, the only way to be 100% sure a file is securely deleted from your unlocked
encrypted SSD is to overwrite all the free space after deleting the files in question, or to decrypt/re-encrypt
the drive. This is overkill and not necessary; a simple disk-wide Trim should be sufficient.


Remember though that no matter the deletion method you use for any file on any medium (HDD, SSD, USB
thumb drive), it will probably leave other traces (logs, indexing, shellbags...) within your system, and those traces
will also need to be cleaned. Also, remember that your drives should be fully encrypted, so this is most likely
an extra measure. More on that later in the Some additional measures against forensics section.


Windows:
Remember you cannot use Trim at all if you are using plausible deniability on an SSD drive, against all
recommendations.


System/Internal SSD drive:
At this stage, just delete the file permanently (empty the recycle bin) and Trim/garbage collection will do the
rest. This should be sufficient.


If you do not want to wait for the periodic Trim (set to weekly by default in Windows 10), you could also force a
disk-wide Trim using the Windows native Optimize tool (see Appendix H: Windows Cleaning Tools).


454 UFS Explorer, Can I recover data from an encrypted storage? https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php [Archive.org]
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If data were deleted by some utility (for instance by VirtualBox when reverting a snapshot), you could also issue a
disk-wide Trim to clean any remaining data using the same Optimize tool:


Just open Windows Explorer, right-click your system drive and click Properties. Select Tools. Click Optimize and
then Optimize again to force a Trim. You are done. That is probably enough in my opinion.


(Screenshot of the Windows “Optimize Drives” dialog: drive Windows (C:), media type “Solid state drive”, current
status “OK (0 days since last retrim)”, with scheduled optimization turned on at a weekly frequency.)





If you want more security and do not trust the Trim operation, then you will have no option but to either:
• Decrypt and re-encrypt (using Veracrypt or Bitlocker) the whole drive to overwrite all free space after data
deletion. This will ensure overwriting of all the free space.
• Trim and then fill up the entire free space of the disk using a utility such as BleachBit or PrivaZer.


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


Please refer to Appendix H: Windows Cleaning Tools for more details.


The process is quite simple depending on the tool you picked from the Appendix:
• Right-click a file/folder:
  o PrivaZer: Delete without a trace
  o BleachBit: Shred with BleachBit (or see the EFF tutorial on deleting your data securely on Windows)


In the case of USB thumb drives, consider wiping free space using one of the above utilities after file deletion or 
wiping them completely using Eraser / KillDisk as instructed previously. 
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External SSD drive:
First please see Appendix K: Considerations for using external SSD drives


If Trim is supported and enabled by Windows for your external SSD drive, there should be no issue in securely
deleting data normally, just with normal delete commands. Additionally, you could also force a Trim using the
Windows native Optimize tool (see Appendix H: Windows Cleaning Tools):


Just open Windows Explorer, right-click the external drive and click Properties. Select Tools. Click Optimize and
then Optimize again to force a Trim. You are done. That is probably enough in my opinion.


If Trim is not supported or you are not sure, you might have to ensure secure data deletion by:
• Filling up all the free space after any deletion (using BleachBit or PrivaZer for instance).
• Decrypting and re-encrypting the disk with a different key after each deletion (using Veracrypt or Bitlocker).


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


Linux (non Qubes OS):

System/Internal SSD drive: 

Just permanently delete the file (and empty the recycle bin) and it should be unrecoverable due to Trim operations and
garbage collection.


If you do not want to wait for the periodic Trim (set to weekly by default in Ubuntu), you could also force a disk-
wide Trim by running `fstrim --all` from a terminal (as root). This will issue an immediate trim and should ensure sufficient
security. This utility is part of the “util-linux” package on Debian/Ubuntu and should be installed by default on
Fedora.


If you want more security and do not trust the Trim operation, then you will have no option but to either:
• Decrypt and re-encrypt (using LUKS for instance, following this tutorial
https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Re-encrypting_devices [Archive.org]) the
whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space.
• Trim using `fstrim --all` and then fill up the entire free space of the disk using a utility such as:
  o BleachBit https://www.bleachbit.org/download/linux [Archive.org]
  o Install the secure-delete package and use sfill on the root of the drive:
    `sudo sfill -l -l /` for instance should do the trick (this will take a substantial amount of
time)
  o Use the old school dd method (taken from this tutorial
https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux [Archive.org]); run these
commands on the drive you want to fill:
    `dd if=/dev/zero of=zero.small.file bs=1024 count=102400`
    `dd if=/dev/zero of=zero.file bs=1024`
    `sync; sleep 60; sync`
    `rm zero.small.file`
    `rm zero.file`


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


Internal/External HDD drive or a Thumb Drive:
• You can do this the graphical way with BleachBit following this tutorial from the EFF: https://ssd.eff.org/en/module/how-delete-your-data-securely-linux
• Or you can do it from the command line following this tutorial: https://linuxhint.com/completely_wipe_hard_drive_ubuntu/ (For this purpose I recommend wipe and shred).


External SSD drive:
First please see Appendix K: Considerations for using external SSD drives
If Trim is supported and enabled by your Linux Distribution for your external SSD drive, there should be no issue in securely deleting data normally; just issue `fstrim --all` from the terminal to trim the drive. This utility is part of the `util-linux` package on Debian/Ubuntu and should be installed by default on Fedora.


If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility such as:
• Decrypt and re-encrypt (using LUKS for instance following this tutorial https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Re-encrypting_devices or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space.
• Fill the free space using one of those methods:
   o BleachBit https://www.bleachbit.org/download/linux
   o Install the secure-delete package and use sfill on the root of the drive:
      ▪ `sudo sfill -l -l /` for instance should do the trick (use the mount point of the external drive in place of `/`; this will take a substantial amount of time)
   o Use the old school dd method (taken from this answer https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux); run these commands from the mount point of the drive you want to fill:
      ▪ `dd if=/dev/zero of=zero.small.file bs=1024 count=102400`
      ▪ `dd if=/dev/zero of=zero.file bs=1024`
      ▪ `sync ; sleep 60 ; sync`
      ▪ `rm zero.small.file`
      ▪ `rm zero.file`


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


Linux (Qubes OS):

System/Internal SSD drive: 

As with other Linux distros, normal deletion and trim should be sufficient on most SSD drives. So just permanently delete the file (and empty any recycle bin) and it should be unrecoverable due to periodic Trim operations and garbage collection.


Please follow this documentation to Trim within Qubes OS: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md


As with other Linux Systems, if you want more security and do not trust the Trim operation then you will have no option but to either:

• Decrypt and re-encrypt the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. I didn't find a reliable tutorial on how to do this safely on Qubes OS but it is possible this tutorial could work: https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Re-encrypting_devices (at your own risk, this has not been tested yet).

• Refer to this Documentation (https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md) and then trim using `fstrim --all` and then fill up the entire free space of the disk using a utility such as:

   o BleachBit https://www.bleachbit.org/download/linux
   o Install the secure-delete package and use sfill on the root of the drive:
      ▪ `sudo sfill -l -l /` for instance should do the trick (this will take a substantial amount of time)
   o Use the old school dd method (taken from this answer https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux); run these commands on the drive you want to fill:
      ▪ `dd if=/dev/zero of=zero.small.file bs=1024 count=102400`
      ▪ `dd if=/dev/zero of=zero.file bs=1024`
      ▪ `sync ; sleep 60 ; sync`
      ▪ `rm zero.small.file`
      ▪ `rm zero.file`


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 


Internal/External HDD drive or a Thumb Drive:
Use the same method as Linux from a Qube connected to that specific USB device.
• You can do this the graphical way with BleachBit following this tutorial from the EFF: https://ssd.eff.org/en/module/how-delete-your-data-securely-linux
• Or you can do it from the command line following this tutorial: https://linuxhint.com/completely_wipe_hard_drive_ubuntu/ (For this purpose I recommend wipe and shred).


External SSD drive: 
First please see Appendix K: Considerations for using external SSD drives 


If Trim is supported and enabled by your Linux Distribution for your external SSD drive, there should be no issue in securely deleting data normally; just issue `fstrim --all` from the terminal to trim the drive. Refer to this Documentation (https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md) to enable trim on a drive.


If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility from a Qube connected to the USB device in question:

• Decrypt and re-encrypt (using LUKS for instance following this tutorial https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Re-encrypting_devices or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space.

• Fill the free space using one of those methods:

   o BleachBit https://www.bleachbit.org/download/linux

   o Install the secure-delete package and use sfill on the root of the drive:

      ▪ `sudo sfill -l -l /` for instance should do the trick (use the mount point of the external drive in place of `/`; this will take a substantial amount of time)

   o Use the old school dd method (taken from this answer https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux); run these commands from the mount point of the drive:

      ▪ `dd if=/dev/zero of=zero.small.file bs=1024 count=102400`
      ▪ `dd if=/dev/zero of=zero.file bs=1024`
      ▪ `sync ; sleep 60 ; sync`
      ▪ `rm zero.small.file`
      ▪ `rm zero.file`


Repeat these steps on any other partition if there are separate partitions on the same SSD drive before deleting the files.


Keep in mind all these options need to be applied on the entire physical drive and not on a specific 
partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly. 
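As an added example (not code from the guide), here is a small POSIX shell script that wraps the checks and the free-space fill that the Linux sections above describe (Ubuntu, Qubes OS, and the external SSD cases). It first tells you whether a block device advertises discard support before you rely on `fstrim`, and then runs the `dd` fill with the filler files always removed afterwards, even if you interrupt it. The function names, the `FILL_SETTLE` variable, the optional cap argument and the 4 MiB reserve are my choices; the guide's recipe reserves 100 MiB and waits 60 seconds between its two `sync` calls.

```shell
#!/bin/sh
# Added example (not from the guide): the checks and the free-space fill
# described above, wrapped so they can be run safely on a real machine.
#
#   discard_capable  - reads `lsblk -dno NAME,DISC-GRAN` lines on stdin and
#                      prints the devices that advertise discard/TRIM support
#                      (a DISC-GRAN of 0B means the kernel cannot trim it, so
#                      "normal deletion + Trim" cannot be relied on there).
#   trim_status      - runs that check for one device and asks systemd when
#                      the periodic fstrim.timer last fired.
#   fill_free_space  - the "old school dd" recipe: write a small reserve file,
#                      fill the rest of the filesystem with zeros, sync, and
#                      remove the filler again. The filler is always removed,
#                      even on Ctrl-C. An optional cap in MiB limits how much
#                      is written (used by the self-test; 0 = until full).
# Requires lsblk (util-linux), dd and sync. Run fill_free_space as a user
# allowed to write to the mount point (on the root filesystem: with sudo).

discard_capable() {
    while read -r name gran; do
        [ -n "$name" ] || continue
        case "$gran" in
            0B|0|"") ;;                      # no discard granularity: no TRIM
            *) printf '%s\n' "$name" ;;
        esac
    done
}

trim_status() {
    dev=$1                                   # e.g. /dev/nvme0n1 or /dev/sda
    if lsblk -dno NAME,DISC-GRAN "$dev" | discard_capable | grep -q .; then
        echo "$dev: discard supported, 'fstrim --all' will trim it"
    else
        echo "$dev: discard NOT supported, fall back to filling free space"
    fi
    # When the periodic timer last ran (Ubuntu enables it weekly by default).
    systemctl show fstrim.timer -p LastTriggerUSec 2>/dev/null || true
}

fill_free_space() {
    target=$1                                # a directory on the filesystem to fill
    cap_mib=${2:-0}                          # 0 = keep writing until the disk is full
    settle=${FILL_SETTLE:-60}                # seconds to wait between the two syncs
    small="$target/zero.small.file"
    big="$target/zero.file"

    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }
    # Whatever happens next, the filler files must not be left behind.
    trap 'rm -f "$small" "$big"' INT TERM EXIT

    # Reserve a little space first so the shell (and rm) can still work once
    # the disk is full. The guide's recipe reserves 100 MiB here.
    dd if=/dev/zero of="$small" bs=1M count=4 2>/dev/null \
        || { rm -f "$small"; trap - INT TERM EXIT; return 1; }

    # Fill the rest. dd stopping with "No space left on device" is the
    # expected end of this step, not an error.
    if [ "$cap_mib" -gt 0 ]; then
        dd if=/dev/zero of="$big" bs=1M count="$cap_mib" 2>/dev/null || true
    else
        dd if=/dev/zero of="$big" bs=1M 2>/dev/null || true
    fi

    # Push everything out of the page cache to the device, give the drive a
    # moment, then sync again before the blocks are freed.
    sync; sleep "$settle"; sync

    written=$(( $(wc -c < "$big") / 1048576 ))
    rm -f "$small" "$big"
    trap - INT TERM EXIT
    printf '%s\n' "$written"                 # MiB actually written
}
```

Typical use on a machine is `trim_status /dev/nvme0n1` first; if the device reports no discard support, `sudo fill_free_space /` (or the mount point of the external drive) performs the fill, and the number it prints tells you how much free space was actually overwritten. Remember the guide's caveat: this only helps when applied to the whole physical drive, and it costs a full write of the free area on an SSD.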


macOS: 


System/Internal SSD drive: 
Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to trim operations and garbage collection.
• If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data [455] according to their documentation.


"Does Apple File System support TRIM operations?
Yes. TRIM operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are performed only after metadata changes are persisted to stable storage".

• If your file system is HFS+, you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details (https://support.apple.com/en-us/HT210898)


[Screenshot: Disk Utility running First Aid on "Macintosh HD"; the details list "Trimming unused blocks." among the checks and end with "Operation successful."]





System/Internal, External HDD drive or a Thumb Drive:
Unfortunately, Apple has removed the secure erase options from the trash bin even for HDD drives [456]. So, you are left with using other tools:

• Permanent Eraser http://www.edenwaith.com/products/permanent%20eraser/

• From the terminal, you can use the `rm -P filename` command which should erase the file and overwrite it as explained in this EFF tutorial https://ssd.eff.org/en/module/how-delete-your-data-securely-macos


In the case of USB thumb drives, consider wiping them completely using Disk Utility as instructed previously.


External SSD drive: 
First please see Appendix K: Considerations for using external SSD drives 


If Trim is supported and enabled by macOS for your external SSD drive, there should be no issue in securely deleting data.


If Trim is not supported, you might have to ensure secure data deletion by:
• Filling up all the free space after any deletion using the Linux Method above (dd).
• Decrypting and re-encrypting the disk with a different key after each deletion (using Disk Utility or Veracrypt).


455 Apple Developer Documentation, https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html

456 EFF, How to: Delete Your Data Securely on macOS https://ssd.eff.org/en/module/how-delete-your-data-securely-macos
Some additional measures against forensics:
Note that the same SSD issue discussed in the earlier section will arise here. You can never really be 100% sure your SSD data is deleted when you ask it to do so unless you wipe the whole drive using the specific methods above.


I am not aware of any 100% reliable method to delete single files selectively and securely on SSD drives unless overwriting ALL the free space (which might reduce the lifespan of your SSD) after Deletion + Trim of these files. Without doing that, you will have to trust the SSD Trim operation which in my opinion is enough. It is reasonable and again very unlikely that forensics will be able to restore your files after a Deletion with Trim.


In addition, most of these measures should not be needed since your whole disk should be encrypted and therefore your data should not be accessible for forensic analysis through SSD/HDD examination anyway. So, these are just "bonus measures" for weak/unskilled adversaries.


Consider also reading this documentation if you're going with Whonix https://www.whonix.org/wiki/Anti-Forensics_Precautions as well as their general hardening tutorial for all platforms here https://www.whonix.org/wiki/System_Hardening_Checklist


Removing Metadata from Files/Documents/Pictures: 

Pictures and videos: 

On Windows, macOS, and Linux I would recommend ExifTool (https://exiftool.org/) and/or ExifCleaner (https://exifcleaner.com/) that allow viewing and/or removing those properties.


ExifTool is natively available on Tails and Whonix Workstation. 


ExifCleaner:
Just install it from https://exifcleaner.com/, run and drag and drop the files into the GUI.


ExifTool:
It is actually simple, just install exiftool and run:
• To display metadata: `exiftool filename.jpg`
• To remove all metadata: `exiftool -All= filename.jpg`


Remember that ExifTool is natively available on Tails and Whonix Workstation. 


Windows Native tool:
Here is a tutorial to remove metadata from a Picture using OS provided tools: https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos


Cloaking/Obfuscating to prevent picture recognition:
Consider the use of Fawkes https://sandlab.cs.uchicago.edu/fawkes/ (https://github.com/Shawn-Shan/fawkes) to cloak the images from picture recognition tech on various platforms.


Or if you want online versions, consider:
• https://lowkey.umiacs.umd.edu/
• https://adversarial.io/


PDF Documents: 


PDFParanoia (Linux/Windows/macOS/QubesOS):
Consider using https://github.com/kanzure/pdfparanoia which will remove metadata and watermarks on any PDF.


ExifCleaner (Linux/Windows/macOS/QubesOS):
Just install it from https://exifcleaner.com/, run and drag and drop the files into the GUI.


ExifTool (Linux/Windows/macOS/QubesOS):
It is actually simple, just install exiftool and run:
• To display metadata: `exiftool filename.pdf`
• To remove all metadata: `exiftool -All= filename.pdf`

MS Office Documents:

First, here is a tutorial to remove metadata from Office documents: https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966F. Make sure however that you do use the latest version of Office with the latest security updates.


Alternatively, on Windows, macOS, Qubes OS, and Linux I would recommend ExifTool (https://exiftool.org/) and/or ExifCleaner (https://exifcleaner.com/) that allow viewing and/or removing those properties.


ExifCleaner:
Just install it from https://exifcleaner.com/, run and drag and drop the files into the GUI.


ExifTool:
It is actually simple, just install exiftool and run:
• To display metadata: `exiftool filename.docx`
• To remove all metadata: `exiftool -All= filename.docx`


LibreOffice Documents:
• Select File in the upper menu
   o Select Properties
   o Uncheck "Apply User Data"
   o Uncheck "Save Preview image with the Document"
   o Click "Reset Properties"
   o Make sure there is nothing on the Description and Custom Properties tabs
• Select Tools in the upper menu
   o Select Options
   o Select Security
   o Click "Security Options and Warning"
   o Check:
      ▪ "When printing"
      ▪ "When saving or sending"
      ▪ "When creating PDF files"
      ▪ "Remove personal information on saving"
In addition, on Windows, macOS, Qubes OS, and Linux I would recommend ExifTool (https://exiftool.org/) and/or ExifCleaner (https://exifcleaner.com/) that allow viewing and/or removing additional properties.




ExifCleaner:
Just install it from https://exifcleaner.com/, run and drag and drop the files into the GUI.


ExifTool:
It is actually simple, just install exiftool and run:
• To display metadata: `exiftool filename.odt`
• To remove all metadata: `exiftool -All= filename.odt`
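As an added example that is not part of the guide, here is a POSIX shell wrapper around the `exiftool` commands that the ExifTool subsections above give for pictures, PDFs, Office and LibreOffice documents. It adds what those one-liners leave out: ExifTool's `_original` backup copy (which still contains all the metadata) is suppressed, a PDF is rewritten with qpdf because ExifTool only marks PDF metadata as deleted, and the tags that survive are checked against a deny-list. The function names, the tag deny-list and the assumption that `qpdf` is installed are mine.

```shell
#!/bin/sh
# Added example (not from the guide): strip metadata with ExifTool and verify
# the result. Two things the one-liner `exiftool -All= file` does not show:
#   1. ExifTool keeps the untouched input as "file_original" unless told
#      otherwise, and that copy still holds every tag you just removed.
#   2. "-All=" does not remove everything (ExifTool skips tags it deems
#      unsafe, and in PDFs it only marks the old metadata as deleted), so
#      what is left should be audited before the file leaves your machine.
# Requires exiftool in PATH; the PDF step assumes qpdf is installed too.

# Tag names (as printed by `exiftool -s`) that can identify a person, a
# device or a location. A constructed deny-list for this example.
SENSITIVE_TAGS='GPS|Artist|Author|Creator|Owner|SerialNumber|Make|Model|Software|Lens|HostComputer|UserComment|Copyright|Keywords|Subject|Location|Producer|ModifyDate|CreateDate'

# Read "TagName : value" lines (exiftool -s output) on stdin, print the ones
# whose tag matches the deny-list and return 1 if any were found.
audit_metadata() {
    found=0
    while IFS= read -r line; do
        tag=${line%%:*}                        # text before the first colon
        tag=$(printf '%s' "$tag" | tr -d ' ')  # -s pads the name with spaces
        if printf '%s' "$tag" | grep -Eq "^($SENSITIVE_TAGS)"; then
            printf '%s\n' "$line"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Remove all writable tags in place (no "_original" copy left behind),
# rewrite PDFs so the deleted bytes really disappear, then audit the result.
strip_and_audit() {
    file=$1
    exiftool -overwrite_original -All= "$file" >/dev/null || return 2
    case "$file" in
        *.pdf|*.PDF)
            # Assumption: qpdf is installed. Linearizing writes a fresh file
            # without the objects ExifTool merely marked as deleted.
            qpdf --linearize "$file" "$file.tmp" && mv "$file.tmp" "$file" ;;
    esac
    if exiftool -s "$file" | audit_metadata; then
        echo "clean: $file"
    else
        echo "WARNING: identifying metadata still present in $file" >&2
        return 1
    fi
}
```

Running `strip_and_audit photo.jpg` prints the offending lines and returns non-zero if, for instance, a maker note carrying a camera serial number survived; at that point the safer choice is to re-encode the image or use mat2 (described below) rather than to send the file as is.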


All-in-one Tool: 

Another good option IMHO to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org [457] (https://0xacab.org/jvoisin/mat2) which you can use on Linux quite easily. I never managed to make it work properly within Windows due to various dependency issues despite the provided instructions. It is however very straightforward to install and use on Linux.


So, | would suggest creating a small Debian VM within Virtualbox (behind your Whonix Gateway) which you can then 
use from your other VMs to analyze various files from a convenient web interface. For this see Appendix L: Creating 
a mat2-web guest VM for removing metadata from files 


457 Privacyguides.org, Productivity tools https://privacyguides.org/software/productivity/

[Screenshot of the mat2-web interface: "Remove metadata. The file you see is just the tip of the iceberg. Remove the hidden metadata." (jvoisin - source)]


Mat2 is also pre-installed on the Whonix Workstation VM [458] and available on Tails by default [459].


Tails:
Tails is great for this; you have nothing to worry about even if you use an SSD drive. Shut it down and it is all gone as soon as the memory decays.


Whonix:
Note that it's possible to run Whonix in Live mode leaving no traces when you shut down the VMs; consider reading their documentation on Live mode.


macOS:

Guest OS:
Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a Trim command on your Mac using Disk Utility by executing a first-aid on the Host OS again as explained at the end of the next section.


Host OS:
Most of the information from this section can also be found in this nice guide: https://github.com/drduh/macOS-Security-and-Privacy-Guide


macOS (up to and including Big Sur) keeps a Quarantine SQL Database of all the files you ever downloaded from a Browser. This database is located at `~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2`.


You can query it yourself by running the following command from terminal: `sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "select * from LSQuarantineEvent"`


This is a goldmine for forensics, and you should disable this:
• Run the following command to clear the database completely: `:>~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2`
• Run the following command to lock the file and prevent further download history from being written there: `sudo chflags schg ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2`


458 Whonix Documentation, Scrubbing Metadata 
459 Tails documentation, MAT htt 




Lastly, you can also disable Gatekeeper altogether by issuing the following command in the terminal [460]:
• `sudo spctl --master-disable`


Refer to this section of this guide for further information https://github.com/drduh/macOS-Security-and-Privacy-Guide#gatekeeper-and-xprotect


In addition to this convenient database, each saved file will also carry detailed file system HFS+/APFS attributes 
showing for instance when it was downloaded, with what, and from where. 


You can view these just by opening a terminal and typing `mdls filename` and `xattr -l filename` on any downloaded file from any browser.


To remove such attributes, you will have to do it manually from the terminal:
• Run `xattr -d com.apple.metadata:kMDItemWhereFroms filename` to remove the origin
   o You can also just use `-dr` to do it recursively on a whole folder/disk
• Run `xattr -d com.apple.quarantine filename` to remove the quarantine reference
   o You can also just use `-dr` to do it recursively on a whole folder/disk
• Verify by running `xattr -l filename` and there should be no output


(Note that Apple has removed the convenient `xattr -c` option that would just remove all attributes at once so you will have to do this for each attribute on each file)


These attributes and entries will stick even if you clear your browser history, and this is obviously bad for privacy 
(right?), and | am not aware of any convenient tool that will deal with those at the moment. 


Fortunately, there are some mitigations for avoiding this issue in the first place as these attributes and entries are 
set by the browsers. So, | tested various browsers (On macOS Catalina, Big Sur, and Monterey), and here are the 
results as of the date of this guide: 





Browser                  | Quarantine DB Entry      | Quarantine File Attribute | Origin File Attribute
-------------------------|--------------------------|---------------------------|----------------------
Safari (Normal)          | Yes                      | Yes                       | Yes
Safari (Private Window)  | No                       | No                        | No
Firefox (Normal)         | Yes                      | Yes                       | Yes
Firefox (Private Window) | No                       | No                        | No
Chrome (Normal)          | Yes                      | Yes                       | Yes
Chrome (Private Window)  | Partial (timestamp only) | No                        | No
Brave (Normal)           | Partial (timestamp only) | No                        | No
Brave (Private Window)   | Partial (timestamp only) | No                        | No
Brave (Tor Window)       | Partial (timestamp only) | No                        | No
Tor Browser              | No                       | No                        | No


As you can see for yourself the easiest mitigation is to just use Private Windows. These do not write those 
origin/quarantine attributes and do not store the entries in the QuarantineEventsV2 database. 


Clearing the QuarantineEventsV2 is easy as explained above. Removing the attributes takes some work. Brave is the 
only tested browser that will not store those attributes by default in normal operations. 


Various Artifacts: 
In addition, macOS keeps various logs of mounted devices, connected devices, known networks, analytics, 
documents revisions... 


See this section of this guide for guidance on where to find and how to delete such artifacts: 
https://github.com/drduh/macOS-Security-and-Privacy-Guide#metadata-and-artifacts A"hiveorel 


460 GitHub, Disable Gatekeeper on macOS Big Sur (11.x) https://disable-gatekeeper.github.io/ A"niveorsl 
Many of those can be deleted using various commercial tools but I would personally recommend using the free and well-known Onyx which you can find here: https://www.titanium-software.fr/en/onyx.html
Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years.


Force a Trim operation after cleaning:
• If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data.
• If your file system is HFS+ (or any other than APFS), you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details (https://support.apple.com/en-us/HT210898)


[Screenshot: Disk Utility running First Aid on "Macintosh HD"; the details list "Trimming unused blocks." among the checks and end with "Operation successful."]





Linux (Qubes OS):
Please consider their guidelines https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md


If you are using Whonix on Qubes OS, please consider following some of their guides:
• Whonix System Hardening guide https://www.whonix.org/wiki/System_Hardening_Checklist
• Enabling AppArmor on Qubes https://www.whonix.org/wiki/Qubes/AppArmor
• Also, consider the use of Linux Kernel Guard https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG


Linux (non-Qubes OS):

Guest OS:

Revert to an earlier snapshot of the Guest VM on Virtualbox (or any other VM software you are using) and perform a trim command on your laptop using `fstrim --all`. This utility is part of the `util-linux` package on Debian/Ubuntu and should be installed by default on Fedora. Then switch to the next section.


Host OS: 
Normally you should not have traces to clean within the Host OS since you are doing everything from a VM if you 
follow this guide. 


Nevertheless, you might want to clean some logs. Consider having a look at this convenient (but unfortunately unmaintained) tool: https://github.com/sundowndev/covermyass


After cleaning up, make sure you have the fstrim utility installed (should be by default on Fedora) and part of the `util-linux` package on Debian/Ubuntu. Then just run `fstrim --all` on the Host OS. This should be sufficient on SSD drives as explained earlier.

Consider the use of Linux Kernel Guard as an added measure https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG


Windows:


Guest OS:
Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a trim command on your Windows using the Optimize function as explained at the end of the next section.


Host OS:

Now that you had a bunch of activities with your VMs or Host OS, you should take a moment to cover your tracks. Most of these steps should not be undertaken on the Decoy OS in case of the use of plausible deniability. This is because you want to keep decoy/plausible traces of sensible but not secret activities available for your adversary. If everything is clean, then you might raise suspicion.


Diagnostic Data and Telemetry: 
First, let us get rid of any diagnostic data that could still be there: 
• After each use of your Windows devices, go into Settings, Privacy, Diagnostic & Feedback, and click Delete.


Then let us re-randomize the MAC addresses of your Virtual Machines and the Bluetooth Address of your Host OS.
• After each shutdown of your Windows VM, change its MAC address for next time by going into Virtualbox > Select the VM > Settings > Network > Advanced > Refresh the MAC address.
• After each use of your Host OS (or of your Windows VM if it has Bluetooth), go into the Device Manager, Select Bluetooth, Disable the Device and Re-Enable the device (this will force a randomization of the Bluetooth Address).


Event logs: 

Windows Event logs will keep many various pieces of information that could contain traces of your activities such as the devices that were mounted (including Veracrypt NTFS volumes for instance), your network connections, app crash information, and various errors. It is always best to clean those up regularly. Do not do this on the Decoy OS.


e Start, search for Event Viewer, and launch Event Viewer: 
o Go into Windows logs. 
o Select and clear all five logs using a right-click. 


Veracrypt History: 
By default, Veracrypt saves a history of recently mounted volumes and files. You should make sure Veracrypt never 
saves History. Again, do not do this on the Decoy OS if you are using plausible deniability for the OS. We need to 
keep the history of mounting the decoy Volume as part of the plausible deniability: 

e Launch Veracrypt 

e Make sure the “Never saves history” checkbox is checked (this should not be checked on the Decoy OS) 


Now you should clean the history within any app that you used including Browser history, Cookies, Saved Passwords, 
Sessions, and Form History. 


Browser History: 
• Brave (in case you did not enable cleaning on exit)
   o Go into Settings
   o Go into Shields
   o Go into Clear Browsing Data
   o Select Advanced
   o Select "All Time"
   o Check all the options
   o Clear Data
• Tor Browser
   o Just close the Browser and everything is cleaned
Wi-Fi History:

Now it is time to clear the history of the Wi-Fi you connect to. Unfortunately, Windows keeps storing a list of past Networks in the registry even if you "forgot" those in the Wi-Fi settings. As far as I know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way:

• Launch Regedit using this tutorial: https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11

• Within Regedit, enter this in the address bar: `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles`

• There you will see a bunch of folders to the right. Each of those folders is a "Key". Each of those keys will contain information about your current known Wi-Fi or past networks you used. You can explore them one by one and see the description on the right side.

• Delete all those keys.


Shellbags: 
As explained earlier, Shellbags are basically histories of accessed volumes/files on your computer. Remember that shellbags are exceptionally useful sources of information for forensics and you need to clean those, especially if you mounted any "hidden volume" anywhere. Again, you should not do this on the Decoy OS:
• Download Shellbag Analyzer & Cleaner from https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php
   o Launch it
   o Analyze
   o Click Clean and select:
      ▪ Deleted folders
      ▪ Folders on Network / External devices
      ▪ Search results
   o Select advanced
      ▪ Uncheck all except the two Backup options (do not backup)
      ▪ Select SSD cleanup (if you have an SSD)
      ▪ Select one pass (All zero)
      ▪ Clean


Extra Tools Cleaning: 
After cleaning those earlier traces, you should also use third-party utilities that can be used to clean various traces. 
These include the traces of the files/folders you deleted. 


Please refer to Appendix H: Windows Cleaning Tools before continuing. 


PrivaZer: 
Here are the steps for PrivaZer: 
e Download and install PrivaZer from https://privazer.com/en/download.php “"hive-orel 
o Run PrivaZer after install 
Do not use their Wizard 
Select Advanced User 
Select Scan in Depth and pick your Target 
Select Everything you want to Scan and push Scan 
Select What you want to be cleaned (skip the shell bag part since you used the other utility for that) 
=" You should just skip the free space cleaning part if using an SSD and instead just use the 
native Windows Optimize function (see below) which should be more than enough. | 
would only use this on an HDD drive. 
o (If you did select Free Space cleaning) Select Clean Options and make sure your type of Storage is 
well detected (HDD vs SSD). 
o (If you did select Free Space cleaning) Within Clean Options (Be careful with this option as it will 
erase all the free space on the selected partition, especially if you are running the decoy OS. Do 


oa © ©@ © Oo 
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not erase the free space or anything else on the second partition as you risk destroying your 
alteke (=a @)))] 

= If you have an SSD drive: 

e Secure Overwriting Tab: I would just pick Normal Deletion + Trim (Trim itself should 
be enough). Secure Deletion with Trim (1 pass) might be redundant and overkill 
here if you intend to overwrite the free space anyway. 

e Free Space Tab: Personally, and again “just to be sure”, I would select Normal 
Cleanup which will fill the entire free space with Data. I do not really trust Smart 
Cleanup as it does not actually fill all the free space of the SSD with Data. But again, 
this is probably not needed and overkill in most cases. 

= If you have an HDD drive: 

e Secure Overwriting Tab: I would just pick Secure Deletion (1 pass). 

e Free Space: I would just pick Smart Cleanup as there is no reason to overwrite 
sectors without data on an HDD drive. 

o Select Clean and Pick your flavor: 

= Turbo Cleanup will only do normal deletion (on HDD/SSD) and will not clean free space (this is 
not secure for HDD and for SSD). 

= Quick Cleanup will do secure deletion (on HDD) and normal deletion (on SSD) but will 
not clean free space. This is secure enough for SSD but not for HDD. 

= Normal Cleanup will do secure deletion (on HDD) and normal deletion (on SSD) and 
will then clean the whole free space (Smart Cleanup on HDD and Full Cleanup on SSD) and 
should be secure. This option is the best for HDD but completely overkill for SSD. 

o Click Clean and wait for cleaning to finish. Could take a while and will fill your whole free space with 
data. 


BleachBit: 
Here are the steps for BleachBit: 
e Get and install the latest version from BleachBit here https://www.bleachbit.org/download [Archive.org] 
e Run BleachBit 
e Clean at least everything within those sections: 
o Deep Scan 
o Windows Defender 
o Windows Explorer (including Shellbags) 
o System 
o Select any other traces you want to remove from their list 
= Again, as with the earlier utility, I would not clean the free space on an SSD drive because I 
think the Windows native “optimize” utility is enough (see below) and that filling up the free 
space on a trim enabled SSD is just completely overkill and unnecessary. 
o Click Clean and wait. This will take a while and will fill your whole free space with data on both HDD 
and SSD drives. 




Force a Trim with Windows Optimize (for SSD drives): 
With this Native Windows 10 utility, you can just trigger a Trim on your SSD which should be more than enough to 
securely clean all deleted files that somehow would have escaped Trim when deleting them. 


Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and 
then Optimize again. You are done. That is probably enough in my opinion. 
[Screenshot: Optimize Drives window. Drive: Windows (C:), Media type: Solid state drive, Last analyzed: 26/01/2021 21:02, Current status: OK (0 days since last retrim). Scheduled optimization: On, Frequency: Weekly.] 


Chances are your actions (such as posts on various platforms, your profiles) will be indexed (and cached) by many 
search engines. 


Contrary to widespread belief, it is possible to have some but not all this information removed by following some 
steps. While this might not remove the information on the websites themselves, it will make it harder for people to 
find it using search engines: 

e First, you will have to delete your identities from the platform themselves if you can. Most will allow this but 
not all. For some, you might have to contact their support/moderators and for others, there will be readily 
available forms to do so. 

e If they do not allow the removal/deletion of profiles, there might be a possibility for you to rename your 
identity. Change the username if you can and all account information with bogus information including the 
e-mail. 

e If allowed, you can also sometimes edit past posts to remove the information within those. 


You can check some useful information about how to delete various accounts on these websites: 


When you are done with this part, you should now handle search engines and while you may not be able to have the 
information deleted, you can ask them to update/remove outdated information which could then remove some 
cached information. 
Google: 
Unfortunately, this will require you to have a Google account to request the update/removal (however this can be 
done with any Google account from anyone). There is no way around this except waiting. 


Go to their “Remove outdated content from Google Search” page here: https://search.google.com/search-console/remove-outdated-content [Archive.org] and submit a request accordingly. 


If your profile/username was deleted/changed, they should re-index the content and update accordingly and 
remove these traces. 


These requests might take several days to process. Be patient. 


Bing: 
Unfortunately, this will require you to have a Microsoft account to request the update/removal (however this can 
be done with any Microsoft account from any identity). There is no way around this except waiting. 


Go to their “Content Removal” page here: https://www.bing.com/webmasters/tools/contentremoval [Archive.org] and 
submit a request accordingly. 


If your profile/username was deleted/changed, they should re-index the content and update accordingly, and 
remove these traces. 


This might take several days to process. Be patient. 


DuckDuckGo: 
DuckDuckGo does not store a cached version of pages⁴⁶¹ and will instead forward you to a Google/Bing cached 
version if available. 


In addition, DuckDuckGo sources most of their searches from Bing (and not Google)⁴⁶², and therefore removing the 
content from Bing should in time have it removed from DuckDuckGo too. 


Yandex: 
Unfortunately, this will require you to have a Yandex account to request removals (however this can be done with 
any Yandex account from any identity). There is no way around this except waiting. 


Once you have your Yandex account, head to the Yandex Webmaster tools https://webmaster.yandex.com [Archive.org] and 
then select Tools and Delete URL https://webmaster.yandex.com/tools/del-url/ [Archive.org] 


There you could input the URL that does not exist anymore if you had them deleted. 


This will only work with pages that have been deleted and therefore will not work with removing the cache of 
existing records. For that unfortunately there is no tool available to force a cache update, but you can still try their 
feedback tool: 


Search for the page that was changed (where your profile was deleted/changed) and click the arrow next to the 
result. Select Complain. And submit a complaint about the page not matching the search result. Hopefully, this will 
force Yandex to re-crawl the page and re-index it after some time. This could take days or weeks. 


Qwant: 
As far as | know, there is no readily available tool to force this, and you will have to wait for the results to get 
updated if there is any. If you know a way, please report this to me through the GitHub issues. 


Yahoo Search: 
Yes, Yahoo Search still exists but as per their help page https://help.yahoo.com/kb/SLN4530.html [Archive.org], there is 
no way to remove information or refresh information besides waiting. This could take 6 to 8 weeks. 


461 DuckDuckGo help, Cache https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/ [Archive.org] 


462 DuckDuckGo help, Sources https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/ [Archive.org] 
Baidu: 

As far as | know, there is no readily available tool to force this unless you control the website (and do it through their 
webmaster tools). Therefore, you will have to wait for the results to get updated if there is any. If you know a way, 
please report this to me through the GitHub issues. 


Wikipedia: 

As far as | know, there is no way to remove information from Wikipedia articles themselves but if you just want to 
remove traces of your username from it (as a user that contributed), you can do so by following these steps: 
https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing [Wikiless] [Archive.org] 


This will not remove any information about your online identities that could appear on other articles but only your 
own identity on Wikipedia as a user. 


Archive.today: 
Some information can sometimes be removed on demand (sensitive information for example) as you can see many 
examples here: https://blog.archive.today/archive 


This is done through their “ask” page here: https://blog.archive.today/ask 


Internet Archive: 

You can remove pages from internet archives but only if you own the website in question and contact them about 
it. Most likely you will not be able to remove archives from say “Reddit posts” or anything alike. But you could still 
ask and see what they answer. 


As per their help page https://help.archive.org/hc/en-us/articles/360004651732-Using-The-Wayback-Machine 
“How can | exclude or remove my site's pages from the Wayback Machine? 


You can send an e-mail request for us to review to info@archive.org with the URL (web address) in the text of your 
message”. 


Others: 
Have a look at those websites: 


e https://justdeleteme.xyz/ 
e https://inteltechniques.com/workbook.html [Archive.org] 


Some low-tech old-school tricks: 


Hidden communications in plain sight: 

You must keep in mind that using all those security measures (encryption, plausible deniability, VPN, Tor, secure 
operating systems ...) can make you suspicious just by using them. Using them could be the equivalent of stating openly “I 
have something to hide” to an observer, which could then motivate some adversaries to investigate/survey you 
further. 


So, there are other ways you could exchange or send messages online to others in case of need without disclosing 
your identity or establishing direct communication with them. These have been used by various organizations for 
decades and can be of help if you do not want to attract attention by using secure tech while still communicating 
some sensitive information without attracting attention. 


A commonly used technique that combines the idea of a Dead Drop⁴⁶³ and Secure Communication Obfuscation⁴⁶⁴ 
through Steganography⁴⁶⁵ and/or Kleptography⁴⁶⁶ and has many names such as Koalang⁴⁶⁷ or “Talking Around” or 


463 Wikipedia, Dead Drop https://en.wikipedia.org/wiki/Dead_drop [Wikiless] [Archive.org] 


464 Wikipedia, Secure Communication Obfuscation https://en.wikipedia.org/wiki/Obfuscation#Secure_communication [Wikiless] [Archive.org] 


465 Wikipedia, Steganography https://en.wikipedia.org/wiki/Steganography [Wikiless] [Archive.org] 


466 Wikipedia, Kleptography https://en.wikipedia.org/wiki/Kleptography [Wikiless] [Archive.org] 




even “Social Steganography”. This technique is very old and still widely used nowadays by teenagers to bypass 
parental controls. It is hiding in plain sight. 


Here is one example: what if you want to let someone know something is wrong and they should go dark? That they should 
immediately wipe all their data, get rid of their burner phones and sensitive information? 


What if you want to let someone you trust (friends, family, lawyers, journalists ...) know that you are in trouble, and 
they should look out for you? 


All this without revealing the identity of the person you are sending the message to nor disclosing the content of 
that message to any third party and without raising suspicions and without using any of the secure methods 
mentioned above. 


Well, you could just use any online public platform for this (Instagram, Twitter, Reddit, any forum, YouTube...) by 
using in-context (of the chosen platform/media) agreed upon (between you and your contact) coded messages that 
only your contact would understand. 


This could be a set of specific emojis or a specifically worded mundane comment. Or even just a like on a specific 
post from a known influencer you usually watch and like. While this would look completely normal to anyone, this 
could mean a lot to the knowledgeable reader who could then take appropriate agreed upon actions. You could also 
hide the message using Steganography, using for instance https://stegcloak.surge.sh/. 


You do not even have to go that far. A simple “Last seen” time on a specific account could be enough to trigger a 
message agreed upon. If your interlocutor sees that this account was online, it could mean there is an issue. 


How to spot if someone has been searching your stuff: 
There are some old tricks that you can use to spot if people have been messing with your stuff while you were away. 


One trick for instance is quite simple and just requires a wire/cable. Simply lay objects on your desk/night table or in 
your drawers following a straight line. You can use a simple USB cable as a tool to align them. 


Make a line with your cable and place objects along the line. When you are back, just check those places and check if 
the objects are still placed along the line. This allows you not to remember precisely where your things were without 
taking pictures. 


Of course, modern technology has made this even simpler. If you suspect someone might be looking through your 
stuff while you are away, you can just take a picture of the area with your phone before leaving. When you are back, 
just compare the areas with your pictures and everything should be exactly where you left it. If anything moved, 
then someone was there. 


It will be extremely hard and time-consuming for an adversary to search through your stuff and then replace it 
exactly as you left it with complete precision. 


What if it is a printed document or book and you want to know if someone read it? Even simpler. Just carefully make 
a note within the document with a pencil. And then erase it with any pencil eraser as if you wanted to correct it. The 
trick is to carefully leave the eraser traces/residues on the area you erased/pencil written areas and close the 
document. You could also take a picture of the residues before closing the document. 


Most likely if someone went through your document to read it and re-placed it carefully, this residue will fall off or 
be moved significantly. It is a simple old-school trick that could tell you someone searched a document you had. 


Some last OPSEC thoughts: 

Wait, what is OPSEC? Well, OPSEC means Operations Security⁴⁶⁸. The basic definition is: “OPSEC is the process of 
protecting individual pieces of data that could be grouped together to give the bigger picture”. 

OPSEC is often just applying common sense and being cautious about your activities including in the physical world: 


467 Wikipedia, Koalang https://en.wikipedia.org/wiki/Koalang [Wikiless] [Archive.org] 
468 Wikipedia, OPSEC https://en.wikipedia.org/wiki/Operations_security [Wikiless] [Archive.org] 
e Remember to use passphrases instead of passwords and use a different one for each service (Appendix 
A2: Guidelines for passwords and passphrases). 

e Make sure you are not keeping a copy of this guide anywhere unsafe after. The sole presence of this guide 
will most likely defeat all your plausible deniability possibilities. 

e Consider the use of Haven https://guardianproject.github.io/haven/ [Archive.org] on some old android phone to 
keep watch on your home/room while you are away. 

e Doxx “yourself” and your identities from time to time by looking for them yourself online using various 
search engines to monitor your online identities. You can even automate the process somewhat using 
various tools such as Google Alerts https://www.google.com/alerts [Archive.org]. 

e Remember Appendix N: Warning about smartphones and smart devices. Do not forget your smart devices 
can compromise your anonymity. 

e Do not ever use biometrics alone to safeguard your secrets. Biometrics can be used without your consent. 

e Do not ever travel with those devices if you must pass strong border checks and where they could be illegal 
or raise suspicion. 

e Do not plug any equipment in that laptop unless you trust it. Use a USB data blocker for charging. 

e Do check the signatures and hashes of Software you download before installing them. 

e Remember the first rule of fight club and do not talk to anyone about your sensitive activities using your real 
identity. 

e Keep a normal life and do not be weird. If you spend all your online time using Tor to access the internet and 
have no social network accounts at all ... You are already suspicious and attracting unnecessary attention. 

e Encrypt everything but do not take it for granted. Remember the 5$ wrench. 

e Keep plausible deniability as an option but remember it will not help against the 5$ wrench either. 

e Never ever leave your laptop unattended/on/unlocked anywhere when conducting sensitive activities. 
Remember the story of Ross Ulbricht and his arrest 
https://en.wikipedia.org/wiki/Ross_Ulbricht#Silk_Road,_arrest_and_trial [Wikiless] [Archive.org] 

e Do check for tampering regularly (not only your devices but also your home/room). 

e If you can, do not talk to the police/authorities (at least if you are in the US) 
https://www.youtube.com/watch?v=d-709xYp7eE [Invidious] without a lawyer. Remain silent. 

e Know and always have at your disposal the details of a lawyer that could help you as a last resort in case 
things go wrong. 

e Read those tips here https://www.whonix.org/wiki/DoNot [Archive.org] 

e Finally, have common sense, do not be dumb, look and learn from others’ mistakes, watch/read these: 

o Medium.com, Darkweb Vendors and the Basic Opsec Mistakes They Keep Making 
https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-… [Scribe.rip] [Archive.org] 

o 2020, Sinwindie, OSINT, and Dark Web Markets, Why OPSEC Still Matters 
https://www.youtube.com/watch?v=lqZZU9IFIF4 [Invidious] 

o 2020, RSA Conference 2020, When Cybercriminals with Good OpSec Attack 
https://www.youtube.com/watch?v=zXmZnU2GdVk [Invidious] 

o 2015, DEFCON 22, Adrian Crenshaw- Dropping Docs on Darknets: How People Got Caught, 
https://www.youtube.com/watch?v=eQ20ZKitRwe [Invidious] (Slides [Archive.org]) 

o 2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev 
https://www.youtube.com/watch?v=6Chp12sEnWk [Invidious] 

o 2015, DEF CON 22 - Zoz - Don't Fuck It Up! https://www.youtube.com/watch?v=J1q4Ir2J8P8 [Invidious] 

o 2020, Bad Opsec - How Tor Users Got Caught, https://www.youtube.com/watch?v=… [Invidious] 


FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES COMPLETELY SANDBOXED FROM YOUR NORMAL 
ENVIRONMENT AND REAL IDENTITY. DO NOT SHARE ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS 
AND THE REAL IDENTITY ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY LEVEL. 
MOST OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING INFORMATION RATHER THAN TECHNICAL 
FAILURES. 
If you think you got burned: 


If you have some time: 

e Don’t Panic. 

e Delete everything you can from the internet related to that specific identity (accounts, comments ...). 

e Delete everything offline you have related to that identity including the backups. 

e (If using a physical SIM) Destroy the SIM card and trash it in a random trash can somewhere. 

e (If using a physical Burner Phone) Erase then destroy the Burner phone and trash it in a random trashcan 
somewhere. 

e Securely erase the laptop hard drive and then ideally proceed to physically destroy the HDD/SSD/Laptop and 
trash it somewhere. 

e Do the same with your backups. 

e Keep the details of your lawyer nearby or if needed, call them in advance to prepare your case if needed. 

e Return to your normal activities and hope for the best. 


If you have no time: 
e Don’t Panic. 
e Try to shut down/hibernate the laptop as soon as possible and hope for the best. If you are fast enough, 
your memory should decay or be cleaned, and your data should be mostly safe for the time being. 
e Contact a lawyer if possible and hope for the best and if you cannot contact one (yet), try to remain silent (if 
your country allows it) until you have a lawyer to help you and if your law allows you to remain silent. 


Keep in mind that many countries have specific laws to compel you to reveal your passwords that could override 
your “right to remain silent”. See this Wikipedia article: https://en.wikipedia.org/wiki/Key_disclosure_law [Wikiless] 
[Archive.org] and this other visual resource with law references https://www.gp-digital.org/world-map-of-encryption/ 
[Archive.org] 


A small final editorial note: 

After reading this whole guide, I hope you will have gained some additional beneficial insight about privacy and 
anonymity. It is clear now, in my humble opinion, that the world we live in has only a few safe harbors remaining 
where one could have a reasonable expectation of privacy and even less so anonymity. Many will often say that 
1984 by George Orwell was not meant to be an instruction book. Yet today this guide and its many references 
should, I hope, reveal to you how far down we are in the rabbit hole. 


You should also know that all the digital information described in length in this guide can be forged or 
tampered with by a motivated adversary for any purpose. Even if you do manage to keep secrets from prying eyes, 
anyone can fabricate anything to fit their narrative: 
e IP logs, DNS logs, Geolocation logs, and Connection logs can be forged or tampered with by anyone using a 
simple text editor without leaving traces. 
e Files and their properties can be created, altered, and timestamped by anyone using simple utilities without 
leaving traces. 
e EXIF information of pictures and videos can be altered by anyone using simple utilities without leaving 
traces. 
e Digital Evidence (Pictures, Videos, Voice Recordings, E-Mails, Documents...) can be crafted, placed, removed, or 
destroyed with ease without leaving traces. 
You should not hesitate to question this type of information from any source in this age of disinformation. 


“A lie can travel halfway around the world while the truth is putting on its shoes”⁴⁶⁹ 


Please keep thinking for yourself, use critical thinking, and keep an open mind. “Sapere Aude” (Dare to know!). 


469 Quote Investigator, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes 
https://quoteinvestigator.com/2014/07/13/truth/ [Archive.org] 
“In the end the Party would announce that two and two made five, and you would have to believe it” -- George 
Orwell, 1984, Book One, Chapter Seven. 


Consider helping others (see Helping others staying anonymous) 


Donations: 
This project has no funding or sponsoring, and donations are more than welcome. 


See current goals and donate at https://anonymousplanet.org/donations.html [Mirror] [Archive.org] [Tor Mirror] Or directly by 
sending Monero (XMR) to this Address: 
4549BGJrEPBfpiPRL9CVGzGMgJnC1Dzf8EXLVfY8Ukrnj7LzkTV611dGf9tuQHiSQjbixsNWiffNiIV5fPB3LkyF7UXi3vwQ 


[QR code: Monero address] 





(Please do verify the checksum and GPG signature of this file for authenticity, this is explained in the README of 
the repository if you do not know how to do that). 


Bitcoin (BTC) to these addresses: 
e SegWit Address: bciqtall24j005qsd3dw8wahxhvged4vepn9fjp3my 
e Legacy Address: 17jYYV1x92fm9EVDbHuQjS5t9Qc44533Jw 


Note that these addresses are being changed at each release, but the old ones are still valid. 


[QR codes: Bitcoin SegWit address, Bitcoin Legacy address] 





(Please do verify the checksum and GPG signature of this file for authenticity, this is explained in the README of 
the repository if you do not know how to do that). 


Helping others staying anonymous: 
If you want to give a hand to users facing censorship and oppression, please consider helping them by helping the 
Tor Network. You can do so in several ways: 
e The Easiest: 
o Using the Snowflake addon on your browser (https://snowflake.torproject.org/ [Archive.org]) 
e Slightly more work: 
o Running a Tor relay node (https://community.torproject.org/relay/ [Archive.org]) 
= See Recommended VPS hosting providers 
= Additional Tutorial: https://torrelay.ca/ [Archive.org] 


If you want a bit more challenge, you can also run a Tor Exit node anonymously using the recommended VPS 
providers. 


For this, see https://blog.torproject.org/tips-running-exit-node [Archive.org] 


This project for instance is running several Tor Exit nodes using donations to fund. You can see them here: 
https://metrics.torproject.org/rs.html#search/family:970814F267BF3DE9DFF2A0F8D4019F80C68AEE26 
Appendix A: Windows Installation 


This is the Windows 10 installation process that should be valid for any Windows 10 install within this guide. 


Windows 11 is not yet supported by this guide (but it will be in the future at some point). 


Installation: 

DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a 
Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the 
install process). 


e Click “Install Now” 
e Select “I don’t have a product key” 
e Select the flavor you want: 
o Host OS: 
= You intend to use Plausible Deniability: Windows Home 
= You do not intend to use Plausible Deniability: Windows Pro 
o VM OS: Use Windows Pro or Windows Pro N 
e Select Custom 
e Partitioning: 
o If this is a simple OS installation (Host OS with Simple Encryption) or VM without encryption, select 
the whole disk and proceed with the installation (skip the next step). 
oO If this is part of a plausible deniability encryption set up on the Host OS: 
= If you are installing Windows for the first time (Hidden OS): 
e Delete the current partitions 
e Create the First partition with at least 50GB of disk space (about a third of the total 
disk space). 
e Create a second partition with the remaining two-thirds of the total disk space. 
= If you are installing Windows for the second time (Decoy OS): 
e Do not Delete the current partitions 
e Install Windows on the first partition you created during the first install. 
= Proceed with the install in the first partition 
e Start the install process 
e Select the Region “United Kingdom” 
e Skip the additional Keyboard Layout 
e Select “I don’t have internet” 
e Select “Continue with limited setup” 
e Create a username of your choice. 
e Use a password of your choice. 
e Select all three security questions and answer whatever you want (not real data). 
e Do not use Online Speech Recognition 
e Do not let apps use your location 
e Do not enable Find my device 
e Only send “required diagnostic data” 
e Do not improve inking and typing 
e Do not get any improved tailored experience. 
e Do not let apps use Advertising ID 
e Select “Now” at the Cortana prompt 
Privacy Settings: 
e When the install is finished, get into Settings > Privacy and do the following: 
o General: All Off 
o Speech: Off 
o Inking and Typing: Off 
o Diagnostic: Required level at off, options on OFF, Delete your data, frequency set to Never 
o Activity History: all Off and Clear the history 
o Location: All Off (change button) and Clear the history 
o Camera: Disable it (change button) 
o Microphone: Disable it (change button) 
o Voice Activation: All Off 
o Notifications: Disable it (change button) 
o Account Info: Disable it (change button) 
o Contacts: Disable it (change button) 
o Calendar access: Disable it (change button) 
o Phone calls: Disable it (change button) 
o Call History: Disable it (change button) 
o E-mail: Disable it (change button) 
o Tasks: Disable it (change button) 
o Messaging: Disable it (change button) 
o Radios: Disable it (change button) 
o Other devices: Set to Off 
o Background Apps: Disable it (change button) 
o App Diagnostics: Disable it (change button) 
o Documents: Disable it (change button) 
o Pictures: Disable it (change button) 
o Videos: Disable it (change button) and set to Off 
o File system: Disable it (change button) 
e Disable File Indexing by going into the “Indexing Options” (Go into Windows 10 Control Panel, Switch the 
view to “Large Icons” and select Indexing Options. 
o Modify the list and remove all locations. 
o Go into Advanced and click Rebuild. 
e (Host OS only) Disable Bluetooth in the settings: 
o Go into Settings 
o Go into Devices 
o Select Bluetooth and turn it off 




e (Host OS Only) Tape the Webcam and Microphone with any tape for extra paranoia. 
e (Host OS Only) Go into Settings > Network & Internet > Wi-Fi and Enable Random Hardware Address. 


Appendix B: Windows Additional Privacy Settings 


As written earlier in this guide and as noted by PrivacyGuides.org⁴⁷⁰, Windows 10 is a privacy nightmare. And 
disabling everything during and after the installation using the settings available to you is not enough. The amount of 
telemetry data collected by Microsoft is staggering and could defeat your attempts at keeping secrets. You will need 
to download and use a couple of utilities to (hopefully) force Windows 10 into not sending data back to Microsoft. 


Here are the steps in detail: 
e DO NOT EVER USE A MICROSOFT ACCOUNT TO LOG IN: If you are, you should be re-installing this 
Windows Machine without connecting to the internet and use a local account instead. 


Do these steps from a different computer to not connect Windows 10 to the internet before those settings are 
applied. You can download and copy those to the USB key (for transfer onto a Windows 10 fresh installation) or 
if it is a VM, you can transfer them to the VM within Virtualbox (VM Settings > General > Advanced > Drag n Drop 
> Enable Host to Guest). 

470 Privacyguides.org, Operating Systems https://privacyguides.org/operating-systems/ [Archive.org] 


e Download and install W10Privacy from https://www.w10privacy.de/english-home/ [Archive.org] 
o Open the app as Administrator (right-click > more > run as administrator) 
o Check all the recommended (Green) settings and save. 
o Optional but recommended (but could break things, use at your own risk), also check the orange/red 
settings, and save. 
o Reboot 
e Download and run WindowsSpyBlocker from https://github.com/crazy-max/WindowsSpyBlocker [Archive.org] 
o Type 1 and go into Telemetry 
o Type 1 and go into Firewall 
o Type 2 and add Spy Rules 
o Reboot 
e Also, consider using ShutUp10 from https://www.oo-software.com/en/shutup10 [Archive.org] 
o Enable at least all the recommended settings 
e Go back one last time Settings > Privacy > Diagnostic and Delete all Data. 


These measures added to the settings during installation should be hopefully sufficient to prevent Microsoft from 
snooping on your OS. 


You will need to update and re-run W10Privacy and WindowsSpyBlocker frequently and after any Windows 
update as they tend to silently re-enable telemetry using those updates. 


As a bonus, it could be interesting to also consider hardening your Windows Host OS somewhat. See 
https://github.com/beerisgood/windows10_hardening [Archive.org] (This is a security guide, not a privacy guide. If you 
use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were 
specifically disabled for privacy reasons earlier, such as SmartScreen, cloud protection...) 


Appendix C: Windows Installation Media Creation 


These are the steps to create a Windows 10 (21H1) Installation Media using this tool and instructions: 
https://www.microsoft.com/en-us/software-download/windows10 [Archive.org] 

• Download the tool and execute it from your Download folder. 
• Agree to the terms 
• Select the process to Create an installation Media. 
• Select Windows 10 64 Bits edition with the language of your choice. 
• Pick which process you want: 
  o If installing on a physical computer: Select USB Flash Drive 
  o If installing on a Virtual Machine: Select ISO file and save it. 
• Proceed 


Appendix D: Using System Rescue to securely wipe an SSD drive 
These instructions are valid for all Operating Systems: 
• System Rescue: 
  o Create a System Rescue USB disk following these instructions https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/ [Archive.org] (download the ISO and write 
    to a USB stick with Rufus). 
  o Disable Secure Boot in your BIOS/UEFI settings and change the boot order to the USB disk (the System 
    Rescue bootloader is not signed and will not boot with Secure Boot enabled). 
  o Follow the instructions to change the keyboard layout by typing "setkmap". 
  o (optional) Run startx afterward to start a graphical environment. 
• SATA SSD: 
  o (If you ran startx) Open a terminal 
  o ATA Secure Erase: 
    ▪ Follow one of these tutorials 
      • https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing [Archive.org] 
      • https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase [Archive.org] 
      • https://tinyapps.org/docs/wipe_drives_hdparm.html [Archive.org] 
  o ATA Sanitize: 
    ▪ Follow this tutorial https://tinyapps.org/docs/ata_sanitize_hdparm.html [Archive.org] 
• NVMe SSD: 
  o (If you ran startx) Open a terminal 
  o Follow one of these tutorials: 
    ▪ https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing [Archive.org] 
    ▪ https://tinyapps.org/docs/nvme-secure-erase.html [Archive.org] 
    ▪ https://tinyapps.org/docs/nvme-sanitize.html [Archive.org] 
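The ATA Secure Erase tutorials linked above all start with the same pre-flight: read `hdparm -I`, confirm the drive supports the SECURITY feature set, is not frozen and has no password set, then pick the normal or enhanced erase. The script below is an added example, not part of this guide or of System Rescue. It parses a constructed sample of `hdparm -I` output (the device name `/dev/sdX` and the throwaway password `Eins` are assumptions) and prints the command sequence only when every precondition holds; it never runs hdparm itself.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before an ATA Secure Erase from a System Rescue boot.
# Not part of the guide. Parses `hdparm -I` output; the sample below is constructed.
set -u

# Constructed sample of the "Security:" block printed by `hdparm -I /dev/sdX`
# (real output separates "not" and the keyword with a tab; spaces are used here).
SAMPLE_HDPARM='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'

# Only look at the Security: block so "supported" lines from other sections are ignored.
security_block() { printf '%s\n' "$1" | sed -n '/^Security:/,$p'; }

# 0 when the drive advertises the ATA SECURITY feature set (a bare "supported" line).
ata_supports_security() {
    security_block "$1" | grep -qE '^[[:space:]]*supported[[:space:]]*$'
}

# 0 when the drive is frozen; a missing "not frozen" line is treated as frozen (fail safe).
ata_is_frozen() {
    ! security_block "$1" | grep -qE '^[[:space:]]*not[[:space:]]+frozen'
}

# 0 when a user password is already set (the erase would need that password, not a new one).
ata_is_enabled() {
    ! security_block "$1" | grep -qE '^[[:space:]]*not[[:space:]]+enabled'
}

# 0 when enhanced erase (also covers reallocated/spare blocks) is offered.
ata_supports_enhanced() {
    security_block "$1" | grep -qE 'supported:[[:space:]]*enhanced erase'
}

# Print the hdparm sequence for disk $1 given its `hdparm -I` output in $2.
# Returns 1 with a reason on stderr when it is not safe to proceed. Nothing is executed.
ata_secure_erase_plan() {
    local disk="$1" info="$2" mode
    if ! ata_supports_security "$info"; then
        echo "abort: $disk does not advertise the ATA SECURITY feature set" >&2; return 1
    fi
    if ata_is_frozen "$info"; then
        echo "abort: $disk is frozen; suspend/resume or hot-plug the drive, then re-check" >&2; return 1
    fi
    if ata_is_enabled "$info"; then
        echo "abort: $disk already has a user password; the erase must use that password" >&2; return 1
    fi
    if ata_supports_enhanced "$info"; then mode=--security-erase-enhanced; else mode=--security-erase; fi
    # "Eins" is the throwaway password used in the Arch wiki tutorial; the erase clears it again.
    printf 'hdparm --user-master u --security-set-pass Eins %s\n' "$disk"
    printf 'hdparm --user-master u %s Eins %s\n' "$mode" "$disk"
    printf 'hdparm -I %s\n' "$disk"   # afterwards Security should read "not enabled" again
}

# Stand-alone run against the constructed sample.
# On a real box: ata_secure_erase_plan /dev/sdX "$(hdparm -I /dev/sdX)"
ata_secure_erase_plan /dev/sdX "$SAMPLE_HDPARM"
```

The frozen check is the one that trips people up on laptops: most BIOSes freeze the security state at boot, and the usual way out (suspend and resume, then re-read `hdparm -I`) is why the tutorials mention it; the script refuses rather than guessing.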


Appendix E: Clonezilla 


• Get Clonezilla by just following these instructions: https://clonezilla.org/liveusb.php [Archive.org] (I recommend 
  the Alternative version AMD64 that should work with most recent laptops) 
• Boot from Clonezilla 
• Follow these steps to make a backup: https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image [Archive.org] 
  o If you are backing up a disk with simple Encryption, encryption of the backup is not required since 
    you are backing up an already encrypted disk, but you can still encrypt the backup anyway if you 
    want additional security (and a slower backup). 
  o If you intend to back up a device with plausible deniability encryption, I strongly recommend 
    against it as this backup image could be used to prove the existence of the hidden volume using 
    forensics techniques as explained earlier. Do not make an image backup of the partition 
    containing your hidden OS. 
• You are done; if you need to restore, follow these instructions: https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image [Archive.org] 


Each backup could take a while depending on the speed of your laptop and the speed of your external drive. In my 
experience, expect about 1 hour per backup depending on the drive size and the write speed of your backup media 
(my tests were done backing up 256GB SSDs on a USB 3.0 7200rpm HDD). 


Appendix F: Diskpart 
Diskpart is a Windows utility that can be used to perform various operations on your hard drive. In this case, we will 
use Diskpart to show the Disk ID but also change it if necessary. 


This could be needed if you restore a backup on a new HDD/SSD that has an ID that differs from the one backed up 
and Windows could refuse to boot. 


Diskpart can be run from any Windows environment using a command prompt. This includes recovery disks created 
by utilities such as Macrium Reflect, any Windows Installation media, EaseUS Todo Free rescue disks. 
• Displaying the disk ID 
  o Run Diskpart to enter the Diskpart utility 
  o Issue the "list disk" command to list the disks 
  o Issue the "sel disk x" command (replace x with your system disk) to select your system disk 
  o Issue the "detail disk" command to show the details of this disk 
  o Take note of the disk ID (this should be done BEFORE backing up your disks). 
• Changing the disk ID 


  o This step should only be done if, after restoring a full disk backup to a new hard drive, Windows 
    refuses to boot 
  o Issue the same commands as above on the target new disk 
  o Issue, in addition, the command "uniqueid disk id=02345678" (where you replace the id by the 
    one you noted before) 


Appendix G: Safe Browser on the Host OS 


If you can use Tor: 

This guide will only recommend using Tor Browser within the host OS because it has the best protection by default. 
The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab, but keep in mind that 
Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous[471]: "If 
your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave 
Tor windows." 


This Browser on the host OS will only be used to download various utilities and will never be used for actual sensitive 
activities. 


Refer to Appendix Y: Installing and using desktop Tor Browser. 


If you are experiencing issues connecting to Tor due to Censorship or Blocking, you might consider using Tor bridges 
as explained here: https://bridges.torproject.org/ [Archive.org] 


Use this browser for all the next steps within the host OS unless instructed otherwise. 


If you cannot use Tor: 
Because it is too dangerous/risky/suspicious, I would recommend as a last resort using Firefox, or Brave, only using 
Private Windows for now. 


See Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option before continuing. 


Only do this from a different safe public Wi-Fi every time (See Find some safe places with decent public Wi-Fi) and 
using a long-range connection (See Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe 
distance). 


Clean all the data from the browser after each use. 


Use this method for all the next steps within the host OS unless instructed otherwise. 


Appendix H: Windows Cleaning Tools 
In this guide, I will recommend native Windows tools first and then third-party tools. 
• Native Tools: 
  o Windows 10 Disk Cleanup Utility: https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68 [Archive.org] 

    This tool will clean up a bunch of things natively. It is not enough, and I instead recommend using the 
    third-party tools below to clean more stuff. PrivaZer for instance will use the disk cleanup utility directly 
    itself and BleachBit will use its own mechanisms. 

  o Windows 10 Optimize Utility (Defrag on HDD Drives): https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a [Archive.org] 

    For security, this tool is particularly useful on SSD drives as this "Optimize" function will in fact force a 
    disk-wide Trim operation to occur. This will most likely be more than enough to make sure any deleted 
    data that was not trimmed before for any reason will be this time. Deleted data with Trim is very unlikely 
    to be recovered as explained before in this guide. 

• Third-Party Tools: 
  o The open-source utility BleachBit https://www.bleachbit.org/ [Archive.org] 
  o The closed-source utility PrivaZer https://privazer.com/ [Archive.org] 


471 Brave Support, What is a Private Window with Tor? https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor- [Archive.org] 


I prefer PrivaZer because it has more customization and smarter features, but I would understand if you do not trust 
them and prefer open-source software, in which case I would recommend BleachBit which offers a bit less 
customization but similar functionalities. 


Both these tools can be used for cleaning many things such as: 
• The Windows USN journal which stores plenty of information[472]. 
• The Windows System Resource Usage Monitor (SRUM)[473]. 
• Various histories of various programs (such as the recent lists). 
• Various logs 
• The free (unallocated) space of your hard drive[474]. 
• Secure deletion of files 
• Secure wiping of USB drives 


Both these utilities can delete files and can overwrite the free space after deletion to improve secure deletion even 
on SSD drives. Remember this can reduce the lifespan of your SSD drives a bit. 


Appendix I: Using ShredOS to securely wipe an HDD drive 
Several utilities are recommended (like the old unmaintained DBAN[475] or System Rescue CD (https://www.system-rescue.org/ [Archive.org])) for this but I will recommend the use of ShredOS. 


Feel free to go with DBAN instead if you want (using this tutorial: https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148 [Archive.org]); the process is basically the same but will not work out of the box with UEFI 
laptops. 


If you want to go with System-Rescue, just head to their website and follow the instructions. 


Windows: 
• Download ShredOS from https://github.com/PartialVolume/shredos.2020.02 [Archive.org] 
• Unzip the ISO file 
• Download Rufus from https://rufus.ie/ [Archive.org] 
• Launch Rufus 
• Select the ShredOS IMG file 
• Write it to a USB key 
• When done, reboot and boot the USB key (you might have to go into your BIOS settings to change the boot 
  order for this). 
• Follow the instructions on the screen 


Linux: 
• Follow instructions on https://github.com/PartialVolume/shredos.2020.02 [Archive.org] 
• Reboot and boot the USB key 
• Follow the instructions on the screen 


472 Medium.com, The Windows USN Journal https://medium.com/velociraptor-ir/the-windows-usn-journal-f0c55c9010e [Scribe.rip] [Archive.org] 
473 Medium.com, Digging into the System Resource Usage Monitor (SRUM) https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375 [Scribe.rip] [Archive.org] 
474 SANS, Timestamped Registry & NTFS Artifacts from Unallocated Space https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/ [Archive.org] 
475 DBAN, https://dban.org/ [Archive.org] 


Appendix J: Manufacturer tools for Wiping HDD and SSD drives 
Always check your laptop BIOS/UEFI for native utilities first. 


Be sure to use the right wipe mode for the right disk. Wipe and Passes are for HDD drives. There are specific 
options for SSD drives (such as ATA Secure Erase or Sanitize). 


Unfortunately, most of these tools are Windows only. 


Tools that provide a boot disk for wiping from boot: 
• SanDisk DashBoard: https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information [Archive.org] 
• Seagate SeaTools: https://www.seagate.com/support/downloads/seatools/ [Archive.org] 
• Samsung Magician: https://www.samsung.com/semiconductor/minisite/ssd/download/tools/ [Archive.org] 
• Kingston SSD Manager: https://www.kingston.com/unitedstates/en/support/technical/ssdmanager [Archive.org] 
• Lenovo: 
  o Most likely native utility available within the BIOS/UEFI, please check 
  o Drive Erase Utility: https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad [Archive.org] 
• Crucial Storage Executive: https://www.crucial.com/support/storage-executive [Archive.org] 
• Western Digital Dashboard: https://support.wdc.com/downloads.aspx?p=279 [Archive.org] 
• HP: Follow instructions on https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd [Archive.org] 
• Transcend SSD Scope: https://www.transcend-info.com/Support/Software-10/ [Archive.org] 
• Dell: 
  o Most likely native utility available within the BIOS/UEFI, please check 
    https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt [Archive.org] 


oye) |smaar-)em o)ae)vulel-melalivacie) ©) ole)ammiae)samaulalalial-m Om Gxe)em=>.4u-1ear-] me] aN\.215) F 
• Toshiba Storage Tools: https://www.toshiba-storage.com/downloads/ [Archive.org] 


Appendix K: Considerations for using external SSD drives 

I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, 
and Sanitize options through USB controllers. Instead, I recommend using external HDD disks which can be 
cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives). 


Please do not buy or use gimmicky self-encrypting devices such as these: 
https://syscall.eu/blog/2018/03/12/aigo_part1/ [Archive.org] 


Some might be very efficient[476] but many are gimmicky gadgets. 


If you want to use an external SSD drive for sensitive storage: 
• Please consider the support for: 
  o Trim operations and ATA/NVMe secure erase operations from your Laptop USB controller. 
  o Trim operations and ATA/NVMe secure erase operations from your USB SSD disk itself. 
• Always use full disk encryption on those disks 
• Use the manufacturer-provided tools to securely erase them if possible (see Appendix J: Manufacturer tools 
  for Wiping HDD and SSD drives). 
• Consider manually wiping data on them after use by doing a full decryption/encryption or filling them 
  completely with random data. 


476 NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes 
https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html [Archive.org] 
Windows: 


Trim Support: 
It is possible Windows will detect your external SSD properly and enable Trim by default. Check if Optimize works 
using the Windows native disk utility as explained in the internal SSD section of Windows. 


ATA/NVMe Operations (Secure Erase/Sanitize): 

Use the manufacturer-provided tools to check and perform these operations. It is pretty much the only way to be 
sure it is not only supported but actually works. Some utilities can tell you whether it is supported or not, like 
CrystalDiskInfo[477], but will not actually check if it is working. See Appendix J: Manufacturer tools for Wiping HDD and 
SSD drives. 


If it does not work, just decrypt and re-encrypt the whole drive or fill up the free space as instructed in the guide. 
There is no other way AFAIK, besides booting up a System Rescue Linux CD (see the next section). 


Linux: 


Trim Support: 
Follow this good tutorial: https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux [Archive.org] 


ATA/NVMe Operations (Secure Erase/Sanitize): 

It is not "recommended". Please read the disclaimers here 
https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase [Archive.org] and here 
https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing [Archive.org] 


But this seems to be based on anecdotal experiences. So, if you are sure your external SSD supports Trim (see 
vendor documentation), you could just try at your own risk to use nvme-cli or hdparm to issue secure erases. 


See also this tutorial https://code.mendhak.com/securely-wipe-ssd/ [Archive.org] 


Your mileage may vary. Use at your own risk. 
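The Trim tutorial linked above for Linux boils down to one check and one kernel knob: confirm that the disk is reported with a non-zero discard granularity (`lsblk -D`), and if a USB-attached SSD shows none, ask the kernel to send UNMAP by writing `unmap` to the disk's `provisioning_mode`, made persistent with a udev rule keyed on the enclosure's USB ids. The script below is an added example, not from this guide or from the linked tutorial: it parses a constructed `lsblk -D` sample and generates the rule, with the vendor/product ids as placeholders to be replaced from `lsusb`.

```bash
#!/usr/bin/env bash
# Added example: check whether Linux will issue TRIM/discard to an external SSD and
# generate the udev rule that enables UNMAP for a USB-attached disk. Not from the guide.
set -u

# Constructed sample of `lsblk -D` (DISC-GRAN/DISC-MAX of 0B mean no discard support).
SAMPLE_LSBLK='NAME   DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
sda           0        0B       0B         0
└─sda1        0        0B       0B         0
sdb           0      512B       2G         0
└─sdb1        0      512B       2G         0'

# 0 when device $2 (e.g. sdb) shows non-zero discard granularity and max in lsblk -D output $1.
discard_supported() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        NR > 1 {
            name = $1; sub(/^[^A-Za-z0-9]+/, "", name)   # strip tree glyphs from child rows
            if (name == dev) { found = 1; ok = ($3 != "0B" && $4 != "0B") }
        }
        END { if (found && ok) exit 0; exit 1 }'
}

# sysfs knob for a USB (SCSI) disk: "full" means the kernel never sends UNMAP, "unmap" enables it.
provisioning_mode_path() { printf '/sys/block/%s/device/scsi_disk/*/provisioning_mode\n' "$1"; }

# Persistent version of the knob: one udev rule keyed on the enclosure's USB ids.
# Vendor/product ids are placeholders; read the real ones from `lsusb`.
udev_unmap_rule() {
    local vendor="$1" product="$2"
    printf 'ACTION=="add|change", ATTRS{idVendor}=="%s", ATTRS{idProduct}=="%s", SUBSYSTEM=="scsi_disk", ATTR{provisioning_mode}="unmap"\n' \
        "$vendor" "$product"
}

# Decide what to do for device $2 given lsblk -D output $1; prints a one-word verdict.
trim_verdict() {
    if discard_supported "$1" "$2"; then
        echo "ok"             # fstrim -v /mountpoint will actually discard
    else
        echo "enable-unmap"   # write "unmap" to the provisioning_mode path, then re-run lsblk -D
    fi
}

# Stand-alone run on the constructed sample (on a real box: trim_verdict "$(lsblk -D)" sdb).
trim_verdict "$SAMPLE_LSBLK" sda
trim_verdict "$SAMPLE_LSBLK" sdb
udev_unmap_rule 0000 0000
```

After writing `unmap` (or installing the rule and re-plugging the disk), run `lsblk -D` again: the verdict must flip to `ok` before `fstrim` does anything, and a drive that still reports 0B is one whose bridge chip simply does not pass UNMAP through, which is the uncertainty this appendix warns about.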


macOS: 


Trim Support: 
According to Apple Documentation, Trim is supported on APFS (asynchronously) and HFS+ (through periodic trim or 
fsck). 


So, if it is supported (and enabled on your external SSD), you should be able to issue a Trim on a non-APFS drive 
using Disk Utility and First Aid, which should issue a Trim. 


If you are not sure whether it is enabled on your external SSD, try issuing the "sudo trimforce enable" command from 
the Terminal and see if it enables Trim on your external SSD. And then again check the First Aid command if it is not 
APFS (see this tutorial for info https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789 [Archive.org]) 


If it does not work, I am not aware of any reliable method to enable TRIM besides the commercial utility Trim 
Enabler here https://cindori.org/trimenabler/ [Archive.org] which claims support for external drives. 


ATA/NVMe Operations (Secure Erase/Sanitize): 

I am not aware of any method of doing so reliably and safely on macOS. So, you will have to try one of these options: 
• Use a bootable System Rescue USB Linux to do it 
• Just decrypt and re-encrypt the drive using Disk Utility or Veracrypt 
• Fill up the free space of the disk using the Linux method (dd) 


477 CrystalDiskInfo https://crystalmark.info/en/software/crystaldiskinfo/ [Archive.org] 
Appendix L: Creating a mat2-web guest VM for removing metadata from files 
Download the latest Debian testing amd64 netinst ISO from https://www.debian.org/CD/netinst/ [Archive.org] 


(Get testing to get the latest mat2 release, stable is a few versions back) 


This is very lightweight, and I recommend you do it from a VM (VM inside a VM) to benefit from Whonix Tor 
Gateway. While it is possible to put this VM directly behind a Whonix Gateway, Whonix will not easily (AFAIK) allow 
communications between VMs on its network by default. 


You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later. 


Or install it from a VM within a VM then move it to host OS for Host-Only usage: 


• Create a new machine with any name like mat2 
• Select Linux as Type 
• Select Debian (64-bit) as Version 
• Leave the default options and click create 
• Select the VM and click Settings 
• Select System and disable the Floppy disk on the Motherboard tab 
• Select the Processor tab and enable PAE/NX 
• Select Audio and disable Audio 
• Select USB and disable the USB controller 
• Select Storage and select the CD drive to mount the Debian Netinst ISO 
• Select Network and Attach to NAT 
• Launch the VM 
• Select Install (not Graphical install) 
• Select Language, Location, and Keyboard layout as you wish 
• Wait for the network to configure (automatic DHCP) 
• Pick a name like "Mat2" 
• Leave the domain empty 
• Set a Root password as you wish (preferably a good one still) 
• Create a new user and password as you wish (preferably a good one still) 
• Select the Time Zone of your choice 
• Select Guided - Use the entire disk 
• Select the only disk available 
• Select All files in one partition 
• Confirm and write changes to the disk 
• Select NO to scan any other CD or DVD 
• Select any region and any mirror of your choice and leave proxy blank 
• Select no to take part in any survey 
• Select only System Standard Utilities (uncheck everything else) 
• Select Yes to install GRUB bootloader 
• Select /dev/sda and continue 
• Complete the install and reboot 
• Log in with your user or root (you should never use root directly as a best security practice but in this case, it 
  is "okay") 
• Update your install by running `su` (to become root) and then `apt upgrade` (but it should be upgraded since it is a net install) 
• Install the necessary packages for mat2 by running, as root, `apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 librsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi` 
• Go to the /var/www directory by running `cd /var/www` 
• Clone mat2-web from the mat2-web repository by issuing `git clone https://0xacab.org/jvoisin/mat2-web.git` 
• Create a directory for uploads by running `mkdir ./mat2-web/uploads/` 
• Give permissions to Apache2 to read the files by running `chown -R www-data:www-data ./mat2-web` 
• Enable the apache2 uwsgi proxy by running `/usr/sbin/a2enmod proxy_uwsgi` 
• Upgrade pip by running `python3 -m pip install --upgrade pip` 
• Install some python modules by running `python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2` 
• Move to the config directory of mat2-web by running `cd /var/www/mat2-web/config/` 
• Copy the apache2 config file to etc by running `cp apache2.config /etc/apache2/sites-enabled/apache2.conf` 
• Remove the default config file by running `rm /etc/apache2/sites-enabled/000-default.conf` 
• Edit the apache2 config file provided by mat2-web by running `nano /etc/apache2/sites-enabled/apache2.conf` 
• Remove the first line `Listen 80` 
• Change the uwsgi path from `/var/www/mat2-web/mat2-web.sock` to `/run/uwsgi/uwsgi.sock` and save/exit 
• Copy the uwsgi config file to etc by running `cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini` 
• Edit the uwsgi config file and change uid and gid to `nobody` and `nogroup` 
• Run `chmod -R 777 /var/www/mat2-web` 
• Restart uwsgi by running `systemctl restart uwsgi` (there should be no errors) 
• Restart apache2 by running `systemctl restart apache2` (there should be no errors) 
• Now change the network settings of the VM to "Host Only Network" 
• Reboot the VM 
• Log into the VM and type `ip a` to note the IP address it was assigned. 
• From the VM Host OS open a Browser and go to the IP of your Debian VM (for example http://192.168.1.55) 
• You should now see a Mat2-Web website running smoothly 
• Shutdown the Mat2 VM by running `shutdown -h now` 
• Take a snapshot of the VM within Virtualbox 
• Restart the Mat2 VM and you are ready to use Mat2-web to remove metadata from most files 
• After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files 
• This VM does not require any internet access unless you want to update it, in which case you need to place it 
  back on the NAT network and do the next step. 
• For updates of Debian, start the VM and run `apt update` followed by `apt upgrade` 
• For updates of mat2-web, go to /var/www/mat2-web and run `git pull` 
• After updates, shutdown, place it back on the Host-Only network, take a new snapshot, and remove the earlier one. 


You are done. 


Now you can just start this small mat2 VM when needed, browse to it from your Guest VM and use the interface to 
remove any metadata from most files. 


After each use of this VM, you should revert to the Snapshot to erase all traces. 


Do not ever expose this VM to any network unless temporarily for updates. This web interface is not suitable for 
any direct external access. 
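The three config edits in the list above (drop `Listen 80`, point Apache at the socket Debian's uwsgi service creates, run the app as `nobody`/`nogroup`) are worth scripting so they survive a `git pull` and can be checked before the services are restarted. The script below is an added example, not from this guide or from the mat2-web project. Because the real `apache2.config` and `uwsgi.config` files are not reproduced here, it builds constructed stand-ins in a temporary directory, applies the edits with `sed` and verifies them; on the VM the same functions would be pointed at `/etc/apache2/sites-enabled/apache2.conf` and `/etc/uwsgi/apps-enabled/uwsgi.ini`.

```bash
#!/usr/bin/env bash
# Added example: apply and verify the mat2-web config edits described in the guide.
# Not from the guide or the mat2-web project; the sample config files are constructed.
set -u

# Constructed stand-ins for mat2-web's config/apache2.config and config/uwsgi.config.
write_sample_configs() {                       # $1 = directory to write into
    cat > "$1/apache2.conf" <<'EOF'
Listen 80
<VirtualHost *:80>
    ProxyPass / unix:/var/www/mat2-web/mat2-web.sock|uwsgi://mat2-web/
</VirtualHost>
EOF
    cat > "$1/uwsgi.ini" <<'EOF'
[uwsgi]
plugin = python3
uid = www-data
gid = www-data
chdir = /var/www/mat2-web
EOF
}

# Edits 1+2: remove the global Listen 80 (Debian's ports.conf already listens) and
# point the proxy at the socket path the guide uses.
patch_mat2_apache_conf() {                     # $1 = path to the apache site file
    sed -i.bak -e '/^Listen 80[[:space:]]*$/d' \
        -e 's#/var/www/mat2-web/mat2-web\.sock#/run/uwsgi/uwsgi.sock#g' "$1"
}

# Edit 3: run the app as the unprivileged nobody/nogroup pair instead of www-data.
patch_mat2_uwsgi_conf() {                      # $1 = path to the uwsgi app ini
    sed -i.bak -E -e 's/^(uid[[:space:]]*=).*/\1 nobody/' \
        -e 's/^(gid[[:space:]]*=).*/\1 nogroup/' "$1"
}

# 0 when both files carry all three edits; run this before `systemctl restart uwsgi apache2`.
mat2_configs_ok() {                            # $1 = apache file, $2 = uwsgi file
    ! grep -qE '^Listen 80[[:space:]]*$' "$1" &&
    grep -q '/run/uwsgi/uwsgi.sock' "$1" &&
    grep -qE '^uid[[:space:]]*=[[:space:]]*nobody$' "$2" &&
    grep -qE '^gid[[:space:]]*=[[:space:]]*nogroup$' "$2"
}

# Stand-alone run against the constructed files in a throwaway directory.
demo_mat2_patch() {
    local dir; dir=$(mktemp -d)
    write_sample_configs "$dir"
    patch_mat2_apache_conf "$dir/apache2.conf"
    patch_mat2_uwsgi_conf "$dir/uwsgi.ini"
    mat2_configs_ok "$dir/apache2.conf" "$dir/uwsgi.ini"; local rc=$?
    rm -rf "$dir"
    return $rc
}
demo_mat2_patch && echo "mat2-web config edits applied and verified"
```

The `.bak` copies `sed -i.bak` leaves behind are the quickest way to diff what changed after a `git pull` replaces the shipped config files; delete them once the services come back up cleanly.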


Appendix M: BIOS/UEFI options to wipe disks in various Brands 
Here are some links on how to securely wipe your drive (HDD/SSD) from the BIOS for various brands: 
• Lenovo ThinkPads: https://support.lenovo.com/be/en/solutions/migr-68369 [Archive.org] 
• HP (all): https://support.hp.com/gb-en/document/c06204100 [Archive.org] 
• Dell (all): https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe [Archive.org] 
• Acer (Travelmate only): https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks [Archive.org] 
• Asus: no option AFAIK except maybe for some ROG models. 
• Gigabyte: no option AFAIK 
• Huawei: no option AFAIK 


Appendix N: Warning about smartphones and smart devices 
When conducting sensitive activities, remember that: 

• You should not bring your real smartphone or smart devices with you (even turned off). Correlation 
  attacks are possible on the Cell Networks to find which phone "turned off" before your burner phone 
  "turned on". While this might not work the first time, after a few times, the net will tighten, and you will get 
  compromised. It is better to leave your main smartphone at home online (see this article (Russian, use 
  Google Translate link): https://biboroda.livejournal.com/4894724.html [Google Translate] [Archive.org]) 

• Again, do not take them with you unless it is absolutely necessary. If you really must, you could consider 
  powering it off and removing the battery or, if not possible, the use of a faraday cage[478] bag to store your 
  devices. There are many such faraday "signal blocking" bags available for sale and some of these have been 
  studied[479] for their effectiveness. If you cannot afford such bags, you can probably achieve a "decent result" 
  with one or several sheets of aluminum foil (as shown in the previously linked study). 

  o Warning: consider that sensor data itself can also be reliably used to track you[480][481]. 
• Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or 
  something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also 
  create digital traces that could indicate you were at home. 


Lastly, you should also consider this useful sheet from the NSA about Smartphone security: 
https://web.archive.org/web/20210728204533/https://s3.documentcloud.org/documents/21018353/nsa-mobile-device-best-practices.pdf 


Note: Please do not consider commercial gimmicky all-in devices for anonymity. The only way to achieve proper 
OPSEC is by doing it yourself. See those examples to see why it is not a clever idea: 
• ANOM: https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history [Archive.org] 
• Encrochat: https://en.wikipedia.org/wiki/EncroChat [Wikiless] [Archive.org] 
• Sky ECC: https://en.wikipedia.org/wiki/Sky_ECC [Wikiless] [Archive.org] 


You should never rely on some external commercial service to protect your anonymity. 


Appendix O: Getting an anonymous VPN/Proxy 

If you follow this guide, you will need a VPN subscription but this time you will need an anonymous one that 
cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a 
reasonably private cryptocurrency (Monero). You will later use this VPN to connect to the various services 
anonymously but never directly from your IP. 


There are, IMHO, two viable options: 


Cash/Monero-Paid VPN: 


There are three VPN companies recommended by PrivacyGuides.org (https://privacyguides.org/providers/vpn/ 
[Archive.org]) that accept cash payments: Mullvad, iVPN, and ProtonVPN. 


In addition, I will also mention a newcomer to watch: Safing SPN (https://safing.io/ [Archive.org]) which (while still in the 
alpha stage at the time of this writing) also accepts cash and has a very distinct new concept for a VPN which 
provides benefits similar to Tor Stream isolation with their "SPN". Note that Safing SPN is not available on macOS at 
the moment. This possibility is "provisional" and at your own risk, but I think it was worth mentioning. 


Personally, for now, I would recommend Mullvad due to personal experience. 


I would not recommend ProtonVPN as much because they do require an e-mail for registration, unlike Mullvad, 
iVPN, and Safing. 


478 Wikipedia, Faraday Cage, https://en.wikipedia.org/wiki/Faraday_cage [Wikiless] [Archive.org] 
479 Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf [Archive.org] 
480 arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning https://arxiv.org/abs/1512.0561 [Archive.org] 
481 Acm.org, Privacy Implications of Accelerometer Data: A Review of Possible Inferences https://dl.acm.org/doi/pdf/10.1145/3309074.3309076 [Archive.org] 


How does this work? 

• Access the VPN website with a Safe Browser (see Appendix G: Safe Browser on the Host OS) 
• Go to the iVPN, Mullvad, or Safing website and create a new Account ID (on the login page). 
• This page will give you an account ID, a token ID (for payment reference), and the details of where to send 
  the money by post. 
• Send the required cash amount for the subscription you want in a sealed postal envelope to their offices, 
  including a paper with the Token ID without a return address, or pay with Monero if available. If they do not 
  accept Monero but accept another cryptocurrency, see the appendix of this guide on anonymous online 
  payments using cryptocurrencies. 
• Wait for them to receive the payment and enable your account (this can take a while). 
• Open Tor Browser. 
• Check your account status and proceed when your account is active. 


For extra-security consider: 
• Wear gloves while handling anything to avoid leaving fingerprints[482] and touch DNA[483]. 
• Do not use any material/currency that was manipulated by someone that can be related to you in any way. 
• Do not use the currency you just got from an ATM that could record dispensed bills serial numbers. 
• Be careful if you print anything that it is not watermarked by your printer (See Printing Watermarking). 
• Do not lick the envelope or the stamps[484] if you use them to avoid leaving DNA traces. 
• Make sure there are no obvious DNA traces in or on the materials (like hairs). 
• Consider doing the whole operation outdoors to reduce the risk of residual DNA traces from your 
  environment or you contaminating the materials. 


Do not in any circumstance use this new VPN account unless instructed or connect to that new VPN account using 
your known connections. This VPN will only be used later in a secure way as we do not trust VPN providers' "no-
logging policies". This VPN provider should ideally never know your real origin IP (your home/work one for 
instance). 


Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):
The other alternative is setting up your own VPN/Proxy using a VPS (Virtual Private Server) on a hosting platform that accepts Monero (recommended).


This offers some advantages: the chances of your IP being block-listed somewhere are lower than with the IPs of known VPN providers.


It also has some disadvantages: Monero is not perfect, as explained earlier in this guide, and some global adversaries could maybe still track you. You will need to get Monero either from an exchange using the normal financial system (list here https://www.getmonero.org/community/merchants/#exchanges [Archive.org]) or from a local reseller using cash via https://localmonero.co, and then pick a hosting provider.


Do not in any circumstance use this new VPS/VPN/Proxy from your known connections. Only access it through Tor, using Whonix Workstation for instance (this is explained later). This VPN will only be used later from within a Virtual Machine over the Tor network, in a secure way, because we do not trust VPN providers' "no-logging policies". This VPN provider should never know your real origin IP.


Please see Appendix A1: Recommended VPS hosting providers.


[482] YouTube, Fingerprinting Paper - Forensic Education https://www.youtube.com/watch?v=sO98kDLkh-M [Invidious]
[483] Wikipedia, Touch DNA, https://en.wikipedia.org/wiki/Touch_DNA [Wikiless] [Archive.org]
[484] TheDNAGuide, DNA from Postage Stamps or Hair Samples? Yeeesssss..... https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps [Archive.org]


VPN VPS:
There are plenty of tutorials on how to do this, like this one: https://proprivacy.com/vpn/guides/create-your-own-vpn-server [Archive.org]


Socks Proxy VPS:
This is also an option if you prefer to skip the VPN part.


It is probably the easiest thing to set up since you will just use the SSH connection you already have to your VPS, and no further configuration should be required besides setting the browser of your guest VM to use the proxy in question. Note that only the applications you explicitly configure to use the proxy will go through it; anything else in the VM still takes the VM's default route (which, in this guide's setup, is the Tor network).


Here are a few tutorials on how to do this very quickly:
• (Windows/Linux/macOS) https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/ [Archive.org]
• (Windows/Linux/macOS) https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel [Archive.org]
• (Windows) https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/ [Archive.org]
• (Linux/macOS) https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/ [Archive.org]


Here is my basic tutorial:


Linux/macOS:
Here are the steps:
• Get your anonymous VPS set up.
• From a terminal, SSH to your server by running: `ssh -i ~/.ssh/id_rsa -D 8080 -f -C -q -N username@ip_of_your_server`
• Configure your browser to use localhost:8080 as a SOCKS proxy for browsing (in Firefox-based browsers, also enable "Proxy DNS when using SOCKS v5" so that name lookups go through the tunnel instead of your local resolver).
• Done!


Explanation of arguments:
• -i: The path to the SSH key to be used to connect to the host.
• -D: Tells SSH that we want a SOCKS tunnel on the specified port number (you can choose a number between 1025 and 65535). Without an explicit bind address, SSH listens on localhost only, which is what you want; do not bind it to 0.0.0.0.
• -f: Forks the process to the background.
• -C: Compresses the data before sending it.
• -q: Quiet mode.
• -N: Tells SSH that no command will be sent once the tunnel is up.
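As an added example (not part of the original guide, and not code from any of the tutorials linked above), the following Python helper builds the same tunnel command with a few hardening options the one-liner leaves out, waits for the SOCKS listener to come up, and produces a curl command that checks which IP the proxy egresses from. The user name, host, key path and the use of https://check.torproject.org/api/ip as the IP-reporting endpoint are assumptions for the demonstration; the VPS host key is assumed to be already present in ~/.ssh/known_hosts (verified out of band, for instance through the hosting provider's console).

```python
"""Start an SSH SOCKS tunnel to a VPS and check the egress IP.

Added illustration; mirrors the `ssh -D` one-liner above with explicit
hardening options. Requires OpenSSH and curl on the client.
"""
import os
import shlex
import socket
import subprocess
import time

# Assumed for the example: the VPS must already be in ~/.ssh/known_hosts,
# because StrictHostKeyChecking=yes makes ssh refuse unknown host keys.
DEFAULT_BIND = "127.0.0.1"


def port_is_valid(port: int) -> bool:
    """Unprivileged TCP ports only; 65535 is the highest port number."""
    return 1025 <= port <= 65535


def build_socks_tunnel_cmd(user: str, host: str, key_path: str,
                           port: int = 8080, bind_addr: str = DEFAULT_BIND,
                           ssh_port: int = 22) -> list:
    """Return the argv for an ssh SOCKS tunnel equivalent to the one-liner.

    -D <bind>:<port> pins the listener to loopback so other hosts cannot use
    the tunnel; ExitOnForwardFailure makes ssh exit (instead of staying
    connected with no proxy) if the port is already taken; IdentitiesOnly
    stops ssh from offering every key in the agent to the server.
    """
    if not port_is_valid(port):
        raise ValueError(f"port {port} outside 1025-65535")
    return [
        "ssh",
        "-i", os.path.expanduser(key_path),
        "-p", str(ssh_port),
        "-o", "IdentitiesOnly=yes",
        "-o", "StrictHostKeyChecking=yes",
        "-o", "ExitOnForwardFailure=yes",
        "-D", f"{bind_addr}:{port}",
        "-f", "-C", "-q", "-N",
        f"{user}@{host}",
    ]


def wait_for_listener(bind_addr: str, port: int, timeout: float = 10.0) -> bool:
    """Poll until something accepts TCP connections on bind_addr:port."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((bind_addr, port), timeout=0.5):
                return True
        except OSError:
            time.sleep(0.2)
    return False


def egress_check_cmd(port: int, bind_addr: str = DEFAULT_BIND,
                     url: str = "https://check.torproject.org/api/ip") -> list:
    """curl through the tunnel. socks5h:// (not socks5://) hands the hostname
    to the proxy, so DNS is resolved on the VPS and not leaked to the local
    resolver. Expected answer through a plain VPS: the VPS IP, IsTor=false."""
    return ["curl", "--silent", "--proxy", f"socks5h://{bind_addr}:{port}", url]


def start_tunnel_and_check(user: str, host: str, key_path: str,
                           port: int = 8080) -> str:
    """Bring the tunnel up and return curl's output (raises on failure)."""
    cmd = build_socks_tunnel_cmd(user, host, key_path, port)
    print("running:", shlex.join(cmd))
    subprocess.run(cmd, check=True)          # -f: returns once the tunnel is up
    if not wait_for_listener(DEFAULT_BIND, port):
        raise RuntimeError("SOCKS listener did not come up")
    out = subprocess.run(egress_check_cmd(port), check=True,
                         capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    # Placeholder values; replace with your own VPS details.
    print(start_tunnel_and_check("username", "ip_of_your_server",
                                 "~/.ssh/id_rsa"))
```

The same two checks apply to the PuTTY setup below: keep the listener on the local machine only, and make sure the browser resolves names through the SOCKS proxy rather than locally.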


Windows:

Here are the steps:
• Get your anonymous VPS set up.
• Download and install PuTTY from https://www.putty.org/ [Archive.org]
• Set the following options in PuTTY and connect to your server:
  ◦ Go to Connection > SSH > Tunnels.
  ◦ Leave "Local ports accept connections from other hosts" unchecked (the proxy must only be reachable from this machine).
  ◦ Under "Add new forwarded port", set Source port to 8080, leave Destination empty, select "Dynamic" and "Auto", then click Add.
  ◦ The "Forwarded ports" list should now show an entry reading D8080.
  [Screenshot in the original: the PuTTY Configuration window at Connection > SSH > Tunnels, with the D8080 entry added.]
• Connect to your VPS using those settings.
• Configure your browser to use localhost:8080 as a SOCKS proxy for browsing.
• Done!


Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option
USE EXTREME CAUTION: THIS IS HIGHLY RISKY.


There might be worst-case situations where using Tor and VPNs is not possible due to extensive active censorship or blocking, even when using Tor Bridges (see Appendix X: Using Tor bridges in hostile environments).


There might also be situations where simply using Tor or a VPN alone could be suspicious and dangerous for your safety. If this is the case, you could be in a very hostile environment where surveillance and control are high.


But you still want to do something anonymously without disclosing/leaking any information.
In that case, my last-resort recommendation is to connect safely from a distance to a public Wi-Fi (see Find some safe places with decent public Wi-Fi) using your laptop and the Tails "Unsafe Browser". See https://tails.boum.org/contribute/design/Unsafe_Browser/ [Archive.org].


If Tor usage alone is suspicious or risky, you should NOT allow Tails to try establishing a Tor connection at start-up. Do the following:

• At startup, open the Additional Settings.

• Enable the Unsafe Browser.

• Change the Connection from Direct to "Configure a Tor Bridge or Local Proxy".

• After start-up, connect to a safe network.

• When prompted, just quit the Tor Connection Wizard (so as not to establish a Tor connection).

• Start and use the Unsafe Browser.

Keep in mind that the Unsafe Browser is a plain browser: everything it does is visible to the Wi-Fi operator and exits with that network's IP address, which is exactly why the distance and the short session length below matter.


I would strongly recommend the use of a long-range "Yagi" type directional antenna with a suitable USB Wi-Fi adapter. At least this will allow you to connect to public Wi-Fis from a "safe distance", but keep in mind that triangulation by a motivated adversary is still possible with the right equipment. So, this option should not be used for an extended period (minutes at best). See Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance.


Using Tails should prevent local data leaks (such as MAC addresses or telemetry) and allow you to use a browser to get what you want (utilities, a VPN account) before leaving that place as fast as possible.


You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) instead of Tails in such hostile environments if you want data persistence, but this might be riskier. I would not risk it personally unless there was absolutely no other option. If you go for this option, you will only do sensitive activities from a reversible/disposable VM in all cases. Never from the Host OS.


If you resort to this, please keep your online time as short as possible (minutes and not hours).

Be safe and extremely cautious. This is entirely at your own risk.

Consider reading this older but still relevant guide: https://archive.flossmanuals.net/bypassing-censorship/index.html [Archive.org]

Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:
It is possible to access/connect to distant public Wi-Fis from a distance using a cheap directional antenna that looks like this:
[Picture in the original: a Yagi-type directional Wi-Fi antenna.]
These antennas are widely available on various online shops for a cheap price (Amazon, AliExpress, Banggood ...). The only issue is that they are not discreet, and you might have to find a way to hide one (for instance in a poster cardboard container in a backpack, or in a large enough bag). Optionally (but riskier) you could even consider using it from your home if you have a nice window view of various places where some public Wi-Fi is available.


Such antennas need to be combined with specific USB adapters that have an external antenna plug and sufficiently high power to drive them.


I would recommend the AWUS036 series of adapters from the Alfa brand (see https://www.alfa.com.tw/ [Archive.org]), but you could also go with some other brands if you want, such as the TP-Link TL-WN722 (see


See this post for a comparison of various adapters: https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles-2016.html [Archive.org] (usually those adapters are used by penetration testers to probe Wi-Fis from a distance and are often discussed within the scope of the Kali Linux distribution).


The process is simple:

• Plug in and install your USB adapter on your Host OS.

• Do not forget to randomize your MAC address, in case you bought this adapter online, to prevent traceability (this is enabled by default in Tails).

• Connect the long-range antenna to the USB adapter (in place of the supplied one).

• Get to a convenient spot where you have a distant view of a place with public Wi-Fi available (this can be a rooftop for instance), but you could also imagine hiding the antenna in some bag and just sitting on a bench somewhere.

• Point the directional antenna in the direction of the public Wi-Fi.

• Connect to the Wi-Fi of your choice.
Do not forget that this will only delay a motivated adversary. Your signal can be triangulated easily by a motivated adversary in a matter of minutes once they reach the physical location of the Wi-Fi you're connecting to (for instance using a device such as AirCheck https://www.youtube.com/watch?v=8FV2QZ1BPnw [Invidious]; also see their other products here https://www.netally.com/products/ [Archive.org]). These products can easily be deployed on mobile units (in a car for instance) and pinpoint your location in a matter of minutes.


Ideally, this should "not be an issue" since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security.


Appendix R: Installing a VPN on your VM or Host OS.
Download the VPN client installer of your cash-paid VPN service and install it on the Host OS (Tor over VPN, VPN over Tor over VPN) or on the VM of your choice (VPN over Tor):

• Whonix Tutorial (should work with any VPN provider): https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor [Archive.org] (use the Linux configurations below to get the necessary configuration files)

• Windows Tutorials:
  ◦ Mullvad: https://mullvad.net/en/help/install-mullvad-app-windows/ [Archive.org]
  ◦ iVPN: https://www.ivpn.net/apps-windows [Archive.org]
  ◦ Safing: https://docs.safing.io/portmaster/install/windows [Archive.org]
  ◦ ProtonVPN: https://protonvpn.com/support/protonvpn-windows-vpn-application/ [Archive.org]

• macOS Tutorials:
  ◦ Mullvad: https://mullvad.net/en/help/install-and-use-mullvad-app-macos/ [Archive.org]
  ◦ iVPN: https://www.ivpn.net/apps-macos/ [Archive.org]
  ◦ Safing: Not available on macOS
  ◦ ProtonVPN: https://protonvpn.com/support/protonvpn-mac-vpn-application/ [Archive.org]

• Linux Tutorials:
  ◦ Mullvad: https://mullvad.net/en/help/install-mullvad-app-linux/ [Archive.org]
  ◦ iVPN: https://www.ivpn.net/apps-linux/ [Archive.org]
  ◦ Safing: https://docs.safing.io/portmaster/install/linux [Archive.org]
  ◦ ProtonVPN: https://protonvpn.com/support/linux-vpn-setup/ [Archive.org]


Important note: Tor does not carry UDP. In the VPN over Tor cases (the VPN client running inside a VM whose traffic goes through Tor), you must therefore configure the VPN client to use TCP (for instance OpenVPN over TCP) instead of UDP. WireGuard, which is UDP-only, will not work through Tor.


In all cases, you should set the VPN to start at boot and enable the "kill switch" if you can. This is an extra step, since this guide proposes solutions that all fall back on the Tor network in case of VPN failure. Still recommended IMHO.


Here are some guides provided by the recommended VPN providers in this guide:
• Windows:
  ◦ iVPN: https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/ [Archive.org]
  ◦ ProtonVPN: https://protonvpn.com/support/what-is-kill-switch/ [Archive.org]
  ◦ Mullvad: https://mullvad.net/en/help/using-mullvad-vpn-app/#killswitch [Archive.org]
• Whonix Workstation: Coming soon; it is certainly possible, but I did not find a suitable and easy tutorial yet. It is also worth remembering that if your VPN stops on Whonix, you will still be behind the Tor network.
• macOS:
  ◦ Mullvad: same as Windows, the option should be in the provided VPN client.
  ◦ iVPN: same as Windows, the option should be in the provided VPN client.
  ◦ ProtonVPN: same as Windows with the client, the option should be in the provided VPN client: https://protonvpn.com/blog/macos-vpn-kill-switch/ [Archive.org]
• Linux:
  ◦ Mullvad:
    ▪ https://mullvad.net/en/help/wireguard-and-mullvad-vpn/ [Archive.org]
    ▪ https://mullvad.net/en/help/linux-openvpn-installation/ [Archive.org]
  ◦ ProtonVPN: https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md#kill-switch [Archive.org]
  ◦ iVPN:
    ▪ https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/ [Archive.org]
    ▪ https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/ [Archive.org]


Appendix S: Check your network for surveillance/censorship using OONI


So, what is OONI? OONI stands for Open Observatory of Network Interference and is a sub-project of the Tor Project.


First, OONI will allow you to check online for surveillance/censorship in your country just by looking at their Explorer, which features test results from other people. This can be done here: https://explorer.ooni.org/


But these tests are limited and might not apply to your personal situation. If that is the case, you could consider running the OONI Probe yourself and running the tests yourself.


The problem is that your network providers will be able to see those tests and your attempts at connecting to various services if the network is monitored. The other issue is that there are solutions to prevent OONI from working properly [485].


While this might not be important in a normal environment, it could put you at risk in a hostile environment where even running these tests can be risky.


If you are in such a hostile environment, where you suspect network activity is actively monitored and the simple fact of trying to access some resources can put you at risk, you should take some precautions before even attempting this:
• Do not run the tests from your home/work network.
• Do not run these tests from a known device or a smartphone, but only from a secured OS on an ideally dedicated laptop.
  ◦ You will not be able to do this from Tails, as Tails will try to connect to Tor by default.
  ◦ You should only do this with the Qubes OS route or the Whonix route of this guide, after completing one of the routes.
• Only consider running these tests quickly from a public Wi-Fi from a safe distance (see Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option).


The probe can be found here: https://ooni.org/install/ [Archive.org] for various platforms (iOS, Android, Windows, macOS, and Linux).


Appendix T: Checking files for malware
Integrity (if available):


Usually, integrity checks [486] are done using hashes of files (usually stored within checksum files). Older files could use CRC [487], more recently MD5 [488], but those present several weaknesses (CRC, MD5 [489]) that make them unreliable for file integrity checks against an adversary (which does not mean they are not still widely used in other contexts, such as detecting accidental corruption).


This is because they do not prevent collisions [490] well enough: CRC is not a cryptographic hash at all, and for MD5 an adversary can craft two different files, a harmless one and a malicious one, that produce the same hash. If the adversary can influence which "legitimate" file gets published, the malicious twin will pass an MD5 check despite having different content.


[485] GitHub, Mhinkie, OONI-Detection https://github.com/mhinkie/ooni-detection [Archive.org]
[486] Wikipedia, File Verification https://en.wikipedia.org/wiki/File_verification [Wikiless] [Archive.org]
[487] Wikipedia, CRC https://en.wikipedia.org/wiki/Cyclic_redundancy_check [Wikiless] [Archive.org]
[488] Wikipedia, MD5 https://en.wikipedia.org/wiki/MD5 [Wikiless] [Archive.org]
[489] Wikipedia, MD5 Security https://en.wikipedia.org/wiki/MD5#Security [Wikiless] [Archive.org]
[490] Wikipedia, Collisions https://en.wikipedia.org/wiki/Collision_(computer_science) [Wikiless] [Archive.org]



For this reason, it is usually recommended to use SHA-based [491] hashes, and the most used is probably the SHA-2 [492] based SHA-256 for verifying file integrity. SHA-256 is much more resistant to collisions [493] than CRC and MD5: no collision is known for SHA-256 or SHA-512, and computing one is infeasible for any adversary with current knowledge. (SHA-1, while also a SHA hash, has had practical collisions demonstrated since 2017 and should be treated like MD5 for this purpose.)


If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file.


This checksum itself should be authenticated/signed and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone).


In the case of this guide, the SHA-256 checksums are available for each file, including the PDFs, but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksums. This will bring us to the next section about authenticity.


So how to check checksums? (In this case SHA-256, but you could change to SHA-512.)

• Windows [494]:
  ◦ Open a Command Prompt.
  ◦ Run `certutil -hashfile filename.txt sha256` (replace sha256 by sha1, sha512 or md5).
  ◦ Compare your result to one from a source you trust for that file.

• macOS [495]:
  ◦ Open a Terminal.
  ◦ SHA: Run `shasum -a 256 /full/path/to/your/file` (replace 256 by 512, or by 1 for SHA-1).
  ◦ MD5: Run `md5 /full/path/to/your/file`.
  ◦ Compare your result to one from a source you trust for that file.

• Linux:
  ◦ Open a Terminal.
  ◦ Run `sha256sum /full/path/to/your/file` (replace sha256sum by sha512sum, `shasum -a 256`, or md5sum as needed; note that plain `shasum` without `-a` computes SHA-1).
  ◦ Compare your result to one from a source you trust for that file.


Remember that checksums are just checksums. Having a matching checksum does not mean the file is safe.

Authenticity (if available):

Integrity is one thing. Authenticity is another. This is a process where you can verify that some information is authentic and comes from the expected source. This is usually done by signing the information (using GPG [496] for instance) using public-key cryptography [497].


Signing can serve both purposes and allows you to check for both integrity and authenticity.
If available, you should always verify the signatures of files to confirm their authenticity.


In essence:
• Install GPG for your OS:
  ◦ Windows: Gpg4win (https://www.gpg4win.org/ [Archive.org])
  ◦ macOS: GPGTools (https://gpgtools.org/ [Archive.org])
  ◦ Linux: it should be pre-installed in most distributions.


[491] Wikipedia, SHA https://en.wikipedia.org/wiki/Secure_Hash_Algorithms [Wikiless] [Archive.org]
[492] Wikipedia, SHA-2 https://en.wikipedia.org/wiki/SHA-2 [Wikiless] [Archive.org]
[493] Wikipedia, Collision Resistance https://en.wikipedia.org/wiki/Collision_resistance [Wikiless] [Archive.org]
[494] GnuPG Gpg4win Wiki, Check integrity of Gpg4win packages https://wiki.gnupg.org/Gpg4win/CheckIntegrity [Archive.org]
[495] Medium.com, How to verify checksum on Mac https://medium.com/@Evgenilvanov/how-to-verify-checksum-on-mac-988f166b0c4f [Scribe.rip] [Archive.org]
[496] Wikipedia, GPG https://en.wikipedia.org/wiki/GNU_Privacy_Guard [Wikiless] [Archive.org]
[497] Wikipedia, Public-Key Cryptography https://en.wikipedia.org/wiki/Public-key_cryptography [Wikiless] [Archive.org]
• Download the signature key from a trusted source. If someone is not giving you a key directly, you should check for multiple versions on other websites to confirm you are using the right key (GitHub, GitLab, Twitter, Keybase, public key servers...). Write down the key's full fingerprint from those sources; it is what you will compare against after importing.

• Import the trusted key (replace keyfile.asc by the filename of the trusted key):
  ◦ Windows: from a Command Prompt, run `gpg --import keyfile.asc`
  ◦ macOS: from a Terminal, run `gpg --import keyfile.asc`
  ◦ Linux: from a Terminal, run `gpg --import keyfile.asc`
  ◦ On all platforms, check that the fingerprint printed by `gpg --fingerprint` for the imported key matches the one you collected from the independent sources.

• Verify the file signature against the imported (trusted) key (replace filetoverify.asc by the signature file that was associated with the file, and filetoverify.txt by the actual file to verify):
  ◦ Windows, macOS and Linux: run `gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt`
  ◦ The result should show "Good signature" from the key you imported earlier. A "Good signature" from a different key, or a "BAD signature", means the file should not be trusted. A warning that the key is "not certified with a trusted signature" is expected if you have not signed the key yourself; it is the fingerprint check above that establishes trust.


For some other tutorials, please see:
• https://support.torproject.org/tbb/how-to-verify-signature/ [Archive.org]
• https://tails.boum.org/install/vm-download/index.en.html [Archive.org] (see Basic OpenPGP verification).
• https://www.whonix.org/wiki/Verify_the_Whonix_images [Archive.org]


All these guides should also apply to any other file with any other key.
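As an added example (not part of the original guide and not the tooling of any project mentioned above), the Python script below automates both checks described in this appendix, the integrity check and the authenticity check: it recomputes SHA-256 digests against a SHA256SUMS-style checksum file, and it runs `gpg --verify` with `--status-fd` so that the machine-readable status lines can be checked for a good signature from a pinned key fingerprint, instead of trusting the words "Good signature" alone. The checksum file, the file contents, the key fingerprint and the gpg status lines embedded in it are constructed for the demonstration and belong to no real key.

```python
"""Verify file integrity (SHA-256) and authenticity (GnuPG detached signature).

Added illustration. Requires gpg on PATH for the signature part; the
checksum part is pure Python.
"""
import hashlib
import hmac
import subprocess

# Constructed sample data: the digests are SHA-256("abc") and SHA-256("")
SAMPLE_SUMS = (
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  guide.pdf\n"
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *empty.txt\n"
)
SAMPLE_FILES = {"guide.pdf": b"abc", "empty.txt": b""}

# Constructed fingerprint and gpg --status-fd output (not a real key)
SAMPLE_FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
SAMPLE_STATUS = """[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 0123456789ABCDEF0123456789ABCDEF01234567 0
[GNUPG:] SIG_ID AbCdEfGhIjKlMnOpQrStUvWxYz0 2022-01-01 1641000000
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2022-01-01 1641000000 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large ISOs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksum_file(text: str) -> dict:
    """Parse 'digest  name' / 'digest *name' lines (sha256sum output format)."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # '*' marks binary mode; it is not part of the name
        expected[name] = digest.lower()
    return expected


def verify_against_checksums(sums_text: str, read_bytes) -> dict:
    """Return {name: bool}. read_bytes(name) returns bytes or raises if missing.
    compare_digest avoids a timing side channel (harmless here, but cheap)."""
    results = {}
    for name, digest in parse_chec_file_safe(sums_text).items():
        try:
            actual = sha256_hex(read_bytes(name))
        except (OSError, KeyError):
            results[name] = False
            continue
        results[name] = hmac.compare_digest(actual, digest)
    return results


def parse_chec_file_safe(text: str) -> dict:
    """Thin wrapper kept separate so a malformed line never aborts the run."""
    try:
        return parse_checksum_file(text)
    except ValueError:
        return {}


def signature_ok(status_output: str, expected_fpr: str) -> bool:
    """True only if gpg reported GOODSIG *and* VALIDSIG by the pinned key.

    GOODSIG alone means 'signed by some key in your keyring'. Pinning the
    fingerprint defends against an attacker who got you to import their key.
    """
    want = expected_fpr.replace(" ", "").upper()
    good, fprs = False, set()
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        tag = fields[1]
        if tag in ("BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
            return False
        if tag == "GOODSIG":
            good = True
        elif tag == "VALIDSIG":
            fprs.add(fields[2].upper())       # fingerprint of the signing (sub)key
            if len(fields) >= 12:
                fprs.add(fields[11].upper())  # fingerprint of the primary key
    return good and want in fprs


def verify_detached_signature(sig_path: str, file_path: str, expected_fpr: str) -> bool:
    """Run gpg and apply signature_ok to its status output (sent to fd 1)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return signature_ok(proc.stdout, expected_fpr)


if __name__ == "__main__":
    print(verify_against_checksums(SAMPLE_SUMS, SAMPLE_FILES.__getitem__))
    print(signature_ok(SAMPLE_STATUS, SAMPLE_FPR))
```

In real use, `sha256_file` replaces the dictionary lookup, and the fingerprint passed to `verify_detached_signature` is the one you collected from several independent sources, never one read from the same place as the file.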


Security (checking for actual malware):
Every check should ideally happen in sandboxed/hardened Virtual Machines. This is to limit the possibilities for malware to reach your Host computer.


Anti-Virus Software:

You might be asking yourself, what about Anti-Virus solutions? Well, no ... these are not perfect solutions against much modern malware, which uses polymorphic code [498]. But that does not mean they cannot help against less sophisticated and known attacks. It depends on how you use them, as AV software can become an attack vector in itself (it parses untrusted files with elevated privileges).


Again, this is all a matter of threat modeling. Can AV software help you against the NSA? Probably not. Can it help you against less resourceful adversaries using known malware? Probably.


Some will just argue against them broadly, like Whonix [499], but this topic is being discussed and disputed even at Whonix [500] by other members of their community.


Contrary to popular myths perpetuating the idea that only Windows is subject to malware and that detection tools are useless on Linux and macOS:


• Yes, there are viruses and malware for Linux [501][502][503][504][505].

• Yes, there are viruses and malware for macOS [506][507][508][509].


[498] Wikipedia, Polymorphic Code https://en.wikipedia.org/wiki/Polymorphic_code [Wikiless] [Archive.org]
[499] Whonix Documentation, Use of AV, https://www.whonix.org/wiki/Malware_and_Firmware_Trojans#The_Utility_of_Antivirus_Tools [Archive.org]
[500] Whonix Forums, https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8 [Archive.org]


My take on the matter is on the pragmatic side. There is still room for some AV software for some selective and limited use. But it depends on which one and how you use them:
• Do not use AV software with real-time protection, as it usually runs with administrator/root privileges and can become an attack vector.
• Do not use commercial AV software that uses any "cloud protection" or sends extensive telemetry and samples to their company.
• Do use open-source, non-real-time, offline Anti-Virus/Anti-Malware tools as an added measure to scan some files, such as:
  ◦ Windows/Linux/macOS/Qubes OS: ClamAV (https://www.clamav.net/ [Archive.org])
  ◦ Linux/Qubes OS: RFXN Linux Malware Detect (https://github.com/rfxn/linux-malware-detect [Archive.org])
  ◦ Linux/Qubes OS: Chkrootkit (http://www.chkrootkit.org/ [Archive.org])
• You could also use online services for non-sensitive files* such as VirusTotal (https://www.virustotal.com/gui/) or Hybrid Analysis (https://hybrid-analysis.com/).
  ◦ You could also just check the VirusTotal database for the hash of your file if you don't want to send it over (see https://developers.virustotal.com/v3.0/docs/search-by-hash [Archive.org]; see the Integrity (if available): section again for guidance on how to generate hashes). Keep in mind that a hash lookup still tells VirusTotal which file you are interested in, and that an unknown hash only means nobody uploaded that exact file, not that it is clean.
  ◦ Other tools are also available for non-sensitive files, and a convenient list is right here: https://github.com/rshipp/awesome-malware-analysis#online-scanners-and-sandboxes [Archive.org]


* Please be aware that while VirusTotal might seem very practical for scanning various files, their "privacy policy" is problematic (see https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy [Archive.org]) and states:


"When you submit Samples to the Services, if you submit Samples to the Services, we will collect all of the information in the Sample itself and information about the act of submitting it."


So, remember that any document you submit to them will be kept, shared, and used commercially, including its content. So, you should not do that with sensitive information; rely instead on local AV scanners (that do not send samples online).


So, if you are in doubt:

• For non-sensitive files, I do encourage you to check any documents/images/videos/archives/programs you intend to open with VirusTotal (or other similar tools) because ... why not? (Either by uploading or by checking hashes.)

• For sensitive files, I would recommend at least an offline, unprivileged ClamAV scan of the files.


[501] AV-Test Security Report 2018-2019, https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf [Archive.org]
[502] ZDNet, ESET discovers 21 new Linux malware families https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/ [Archive.org]
[503] NakedSecurity, EvilGnome - Linux malware aimed at your desktop, not your servers https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/ [Archive.org]
[504] Imunify, HiddenWasp: How to detect malware hidden on Linux & IoT https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot [Archive.org]
[505] Wikipedia, Linux Malware https://en.wikipedia.org/wiki/Linux_malware [Wikiless] [Archive.org]
[506] Wikipedia, macOS Malware https://en.wikipedia.org/wiki/macOS_malware [Wikiless] [Archive.org]
[507] MacWorld, List of Mac viruses, malware and security flaws https://www.macworld.co.uk/feature/mac-viruses-list-3668354/ [Archive.org]
[508] JAMF, The Mac Malware of 2020 https://resources.jamf.com/documents/macmalware-2020.pdf [Archive.org]
[509] macOS Security and Privacy Guide, https://github.com/drduh/macOS-Security-and-Privacy-Guide#viruses-and-malware [Archive.org]
For instance, this guide's PDF files were submitted to VirusTotal because they are meant to be public knowledge and I see no valid argument against it. It does not guarantee the absence of malware, but it does not hurt to add this check.


Manual Reviews:
You can also try to check various files for malware using various tools. This can be done as an extra measure and is especially useful with documents rather than apps and various executables.


These methods require more knowledge but can be useful if you want to go the extra length.


PDF files:
Again, regarding the PDFs of this guide and as explained in the README of my repository, you could check for anomalies using PDFiD, which you can download at https://blog.didierstevens.com/programs/pdf-tools/ [Archive.org]:
• Install Python if it is not already present (Windows, Linux, macOS, Qubes OS).
• Download PDFiD and extract the files.
• Run `python pdfid.py file-to-check.pdf`; in the case of the PDF files in this repository you should see all of these at 0:

    /JS             0   # indicates the presence of JavaScript
    /JavaScript     0   # indicates the presence of JavaScript
    /AA             0   # indicates an automatic action (additional action on a page or annotation)
    /OpenAction     0   # indicates an automatic action on opening
    /AcroForm       0   # indicates an AcroForm, which could contain JavaScript
    /JBIG2Decode    0   # indicates JBIG2 compression, which could be used for obfuscating content
    /RichMedia      0   # indicates rich media within the PDF, such as Flash
    /Launch         0   # indicates launch actions (running external programs)
    /EmbeddedFile   0   # indicates embedded files within the PDF
    /XFA            0   # indicates XML Forms within the PDF
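As an added example (this is not PDFiD itself, nor code from the guide), here is a minimal Python scanner that counts the same keywords shown above. It decodes the `#xx` escapes allowed in PDF names, so an obfuscated `/J#53` is counted as `/JS` the way PDFiD counts it, and it also counts `/ObjStm`, because a document whose only non-zero counter is `/ObjStm` may simply be hiding the interesting names inside compressed object streams that a byte-level scan cannot see. The embedded sample PDF is constructed for the demonstration.

```python
"""Minimal PDFiD-style keyword counter for a quick triage of PDF files.

Added illustration, not PDFiD. Like PDFiD it does not decompress streams,
so treat a non-zero /ObjStm count with zero other hits as 'inconclusive'.
"""
import re
from collections import Counter

# Same names PDFiD reports; /ObjStm is informational, the rest are risk indicators
RISKY_NAMES = ("/JS", "/JavaScript", "/AA", "/OpenAction", "/AcroForm",
               "/JBIG2Decode", "/RichMedia", "/Launch", "/EmbeddedFile", "/XFA")
ALL_NAMES = RISKY_NAMES + ("/ObjStm",)

# A PDF name runs from '/' to the next whitespace or delimiter character
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r /<>\[\]()%{}]*")
HEX_RE = re.compile(rb"[0-9A-Fa-f]{2}")

# Constructed sample: an OpenAction pointing at a JavaScript action whose
# /JS key is written with a #-escape (/J#53) to dodge a naive grep
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /JavaScript /J#53 (app.alert(1)) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes in a PDF name: b'/J#53' -> '/JS'."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i:i + 1] == b"#" and HEX_RE.fullmatch(raw[i + 1:i + 3]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        else:
            out.append(raw[i])
            i += 1
    return out.decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count occurrences of each tracked name, after escape decoding."""
    counts = Counter({name: 0 for name in ALL_NAMES})
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return dict(counts)


def scan_pdf_file(path: str) -> dict:
    with open(path, "rb") as f:
        return scan_pdf_bytes(f.read())


def suspicious_names(counts: dict) -> list:
    """Risk indicators with a non-zero count, sorted for stable output."""
    return sorted(n for n in RISKY_NAMES if counts.get(n, 0))


def report(counts: dict) -> str:
    lines = [f"{name:<14}{counts[name]:>6}" for name in ALL_NAMES]
    flagged = suspicious_names(counts)
    lines.append("verdict: " + ("review manually, found " + ", ".join(flagged)
                                if flagged else "no risk indicators found"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan_pdf_bytes(SAMPLE_PDF)))
```

A hit is a reason to look closer (or to flatten the file with one of the converters below), not proof of malice: forms and embedded fonts legitimately use some of these names. A clean result is likewise only as good as what the scanner can see, which is why the `/ObjStm` counter is printed alongside.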


Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious:

• Qubes OS: Consider using https://github.com/QubesOS/qubes-app-linux-pdf-converter [Archive.org], which will convert your PDF into a flattened image file. This should theoretically remove any malicious code in it. Note that this will also render the PDF formatting useless (such as links, headings, bookmarks, and references).

• (Deprecated) Linux/Qubes OS (or possibly macOS through Homebrew or Windows through Cygwin): Consider NOT using https://github.com/firstlookmedia/pdf-redact-tools [Archive.org], which would also turn your PDF into a flattened image file. Again, this should theoretically remove any malicious code in it, and again it renders the PDF formatting useless (links, headings, bookmarks, and references). This tool is deprecated and relies on a library called "ImageMagick" which is known for several security issues [510]. You should not use this tool even if it is recommended in some other guides.

• Windows/Linux/Qubes OS/macOS: Consider using https://github.com/firstlookmedia/dangerzone [Archive.org], which was inspired by Qubes PDF Converter above and does the same but is well maintained and works on all OSes. This tool also works with images, ODF files, and Office files. (Warning: on Windows, this tool requires Docker Desktop installed, and this might (will) interfere with VirtualBox and other virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together [511]. Consider installing this within a Linux VM for convenience instead of on a Windows OS.)


Other types of files: 
Here are some various resources for this purpose where you will find what tool to use for what type: 


510 jmageTragick.com, https://imagetragick.com/ Archive-orsl 


iaemal @)e-Yol(<MV AT auUT-]| ofe) a DLoLolUTanl=lave-}ulolaMm nian os094 (ol olemo) g-lol[-MocolnnVA=1aVAVi acer] IP-lalelaVAUIauer-ll oleysAoMO)sclolanllaVAanexciavecie] jeleamaiean 
[Archive org] 
• For Documents/Pictures: Consider using https://github.com/firstlookmedia/dangerzone [Archive.org], which does
the same as the above but is well maintained and works on all OSes.
This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-
Desktop installed and this might (will) interfere with VirtualBox and other Virtualization software because it
requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[511]. Consider installing this
within a Linux VM for convenience instead of a Windows OS).

• For Videos: Be extremely careful, use an up-to-date player in a sandboxed environment.

• This practical cheat sheet from SANS: https://digital-forensics.sans.org/media/analyzing-malicious-
document-files.pdf [Archive.org] (warning, many of those tools might be harder to use on Windows and you
might consider using them from a Linux OS such as Tails, Whonix Workstation, or a Linux distribution of your
choice as explained later in this guide. There are also other guides out there[513] that might be of use).

• This GitHub repository with various resources on malware analysis: https://github.com/rshipp/awesome-
malware-analysis [Archive.org]

• This interesting PDF detailing which tool to use for which file type: https://www.winitor.com/pdf/Malware-
Analysis-Fundamentals-Files-Tools.pdf [Archive.org]

Even with all those resources, keep in mind you might still get advanced malware if those are not detected by 
those various tools. Be careful and remember to handle these files within isolated Virtual Machines, if possible, to 
limit the attack surface and vectors. 


Appendix U: How to bypass (some) local restrictions on supervised computers 
There might be situations where the only device you have at your disposal is not really yours such as: 
• Using a Work computer with restrictions in place on what you can do/run.
• Misuse of parental control features to monitor your computer usage (despite you being a non-consenting
Adult).
• Misuse of various monitoring apps to monitor your computer usage against your will.


The situation might look desperate, but it is not necessarily the case as there are some safe ways to bypass these 
depending on how well your adversaries did their job securing your computer. 


Portable Apps:

There are plenty of methods you could use to bypass those restrictions locally. One of them would be to use
portable apps[514]. Those apps do not require installation on your system and can be run from a USB key or anywhere
else.


But this is not a method I would recommend.


This is because those portable apps will not necessarily hide themselves (or be able to hide themselves) from the
usage reports and forensic examination. This method is just too risky and will probably raise issues if noticed, if you
are in such a hostile environment.


Even the most basic controls (supervision or parental) will send out detailed app usage to your adversary. 


Bootable Live Systems: 
This method is the one I would recommend in those cases.


It is relatively easy for your adversary to prevent this by setting up firmware BIOS/UEFI (see Bios/UEFI/Firmware 
Settings of your laptop) controls but usually most adversaries will overlook this possibility which requires more 
technical knowledge than just relying on Software. 


511 Oracle VirtualBox Documentation, https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html [Archive.org]


513 Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/ [Archive.org]
514 Wikipedia, Portable Applications https://en.wikipedia.org/wiki/Portable_application [Wikiless] [Archive.org]

This method could even decrease suspicion and increase your plausible deniability as your adversaries think they
have things under control and that everything appears normal in their reports.


This method only depends on one security feature (that they probably did not turn on in most cases): Boot Security. 


Boot Security is divided into several types: 
• Simple BIOS/UEFI password preventing the change of the boot order. This means you cannot start such a live
system in place of your supervised OS without providing the BIOS/UEFI password.
• Secure Boot. This is a “standard” feature preventing you from starting unsigned systems from your
computer. While this feature could be configured to only allow your supervised system, usually by default it
will allow running an entire range of signed systems (signed by Microsoft or the Manufacturer for instance).


Secure Boot is relatively easy to bypass as there are plenty of Live Systems that are now Secure Boot compliant 
(meaning they are signed) and will be allowed by your laptop. 


The BIOS/UEFI password on the other hand is much harder to bypass without risks. In that case, you are left with 
two options: 
• Guess/Know the password so that you can change the boot order of your laptop without raising suspicions.
• Reset the password using various methods to remove the password. I would not recommend doing this
because if your adversaries went the extra length of enabling this security feature, they probably will be
suspicious if it were disabled, and this might increase suspicion and decrease your plausible deniability
considerably.


Again, this feature is usually overlooked by most unskilled/lazy adversaries and, in my experience, left disabled.
This is your best chance to bypass local controls without leaving traces.


The reason is that most of the controls are within your main Operating System software and only monitor what 
happens within the Operating System. Those measures will not be able to monitor what happened at the 
Hardware/Firmware level before the Operating System loads. 


Precautions: 


While you might be able to bypass local restrictions easily using a Live System such as Tails, remember that your 
network might also be monitored for unusual activities. 


Unusual network activities showing up from a computer at the same time your computer is seemingly powered off 
might raise suspicions. 


If you are to resort to this, you should never do so from a monitored/known network but only from a safe, different
network. Ideally a safe public wi-fi (See Find some safe places with decent public Wi-Fi).


Do not use a live system on a Software supervised/monitored device on a known network. 


Refer to the Tails route to achieve this. See The Tails route and Appendix P: Accessing the internet as safely as 
possible when Tor and VPNs are not an option sections. 


Appendix V: What browser to use in your Guest VM/Disposable VM 
There are IMHO 6 possibilities of browser to use on your guest/disposable VM: 

• Brave (Chromium-based)
• Edge (Chromium-based, Windows Only)
• Firefox
• Safari (macOS VM only)
• Tor Browser


Here is a comparison table of one fingerprinting test of various browsers with their native settings (but Javascript 
enabled for usability, except for Tor Safest mode). 
Disclaimer: these tests, while nice, are not conclusive of the real fingerprinting resistance. But they can help
compare browsers between each other.


Browser                     | https://coveryourtracks.eff.org/ Fingerprinting Test with real Ad
----------------------------|-------------------------------------------------------------------
Safari (Normal)*            | Fail (Unique)
Safari (Private Window)*    | Fail (Unique)
Edge (Normal)**             | Fail (Unique)
Edge (Private Window)**     | Fail (Unique)
Firefox (Normal)            | Fail (Unique)
Firefox (Private Window)    | Fail (Unique)
Chrome (Normal)             | Fail (Unique)
Chrome (Private Window)     | Fail (Unique)
Brave (Normal)              | Passed (Randomized)
Brave (Private Window)      | Passed (Randomized)
Brave (Tor Window)          | Passed (Randomized)
Tor Browser (Normal mode)   | Partial
Tor Browser (Safer mode)    | Partial (one shared cell with Normal mode in the source table)
Tor Browser (Safest mode)   | Unique (JavaScript disabled)

• *: macOS only. **: Windows only.


Another useful resource to be considered for comparing browsers is: https://privacytests.org/ [Archive.org]


Brave: 

This is my recommended/preferred choice for a Browser within your guest VMs. This is not my recommended
choice for a Browser within your Host OS where I strictly recommend Tor Browser as they recommend it
themselves[515].


Why Brave despite the controversies[516]?

• You will encounter fewer issues later with account creations (captchas ...). This is based on my experiences
trying to create plenty of online identities using various browsers. You will have to trust me on that.
• You will enjoy native ad-blocking where none is available in others by default without adding extensions[517].
• Performance is arguably better than Firefox[518].
• Brave is arguably better at fingerprinting resistance than others[519].
• Security of Chromium-based Browsers is arguably better than Firefox[520][521]. Within the
context of this guide, security should be privileged to prevent any vulnerability or exploit from gaining
access to the VM.
• Comparison of both by Mozilla: https://www.mozilla.org/en-US/firefox/browsers/compare/brave/ [Archive.org]
• Comparison of both by Techlore: https://www.youtube.com/watch?v=qkJGF3syQy4 [Invidious]
• The whole traffic will be routed over a VPN over Tor anyway. So even if you mistakenly opt-in for some
telemetry, it is not so important. Remember that in this anonymity threat model, we are mostly after
anonymity and security. The privacy of our online identities does not matter that much unless the privacy
issue is also a security issue that could help deanonymize you.


515 Brave Help, What is a Private Window with Tor Connectivity? https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor- [Archive.org]
516 BlackGNU, https://ebin.city/~werwolf/posts/brave-is-shit/ [Archive.org]
517 Brave Help Center, https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields [Archive.org]
518 VentureBeat, Browser benchmark battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/ [Archive.org]
519 Brave.com, Brave, Fingerprinting, and Privacy Budgets https://brave.com/brave-fingerprinting-and-privacy-budgets/ [Archive.org]
520 Madaidan Insecurities, Firefox and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html [Archive.org]
521 GrapheneOS, Web Browsing https://grapheneos.org/usage#web-browsing [Archive.org]
• Brave was found to be sending no identifiable telemetry compared to other browsers[522].


Ungoogled-Chromium:
This browser is considered a security liability due to their systemic lagging on security patches[523].


It is strongly advised not to use Ungoogled-Chromium. 


Edge: 
This is for Windows users only. Edge is a solid choice too. 
• You will encounter fewer issues later with account creations (captchas ...). This is based on my experiences
trying to create plenty of online identities using various browsers. You will have to trust me on that.
• Better Security than Firefox as it is Chromium-based[524][525].
• Better Performance than Firefox.
• The whole traffic will be routed through Tor anyway.
• Can benefit from additional security using Microsoft Defender Application Guard (MDAG)[526]. Note that this
feature cannot be enabled in a VirtualBox VM unfortunately.
• Native tracker blocking (Similar to Brave Shields).


Cons: 
• You will have to disable some telemetry within the Browser.


Safari:
The macOS default browser. 


Pros: 
• It is a Browser with decent security and sandboxing capabilities.


Cons: 
• It is macOS only (obviously).
• It requires signing in to the App Store to install extensions (impossible within the scope of this guide since
it is a VM).
• Even if you could, it lacks the best Extensions available for Firefox and Chrome.


Overall, I would not recommend using Safari on a macOS VM but instead, go for another Browser such as Brave or
Firefox.


Firefox: 
And of course, lastly, you could go with Firefox, 


Pros: 
• Well, it is out of the “Chromium” world and not taking part in expanding Chromium market share.
• In addition to being out of the Chromium world, it is also completely out of the Google world (despite the
Mozilla Foundation being partially funded by Google[527]).
• An impressive amount of customization through extensions for every possible need.


522 ResearchGate, Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home [Archive.org]
523 Duck’s pond, Ungoogled-Chromium, https://qua3k.github.io/ungoogled/ [Archive.org]
524 Madaidan Insecurities, Firefox and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html [Archive.org]
525 GrapheneOS, Web Browsing https://grapheneos.org/usage#web-browsing [Archive.org]
526 Microsoft.com, Microsoft Edge support for Microsoft Defender Application Guard https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard [Archive.org]
527 PCMag, Mozilla Signs Lucrative 3-Year Google Search Deal for Firefox https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox [Archive.org]
• Firefox can be severely hardened to almost match the security of Chromium-based browsers.


Cons: 
• Poorer performance compared to Chromium.
• Security (especially sandboxing) of Firefox is arguably weaker than Chromium-based browsers[528].
• You will experience more captchas (this is based on my tests).


Tor Browser: 
If you are extra paranoid and want to use Tor Browser and have “Tor over VPN over Tor”, you could go with Tor 
Browser within the VM as well. This is IMHO completely pointless/useless. 


I would not recommend this option. It is just silly.


Appendix V1: Hardening your Browsers: 


Brave: 


• Download and install Brave browser from https://brave.com/download/ [Archive.org]
• Open Brave Browser
• Go into Settings
• Go to Appearance
  o Disable Show Top Sites
  o Disable Show Brave Suggested Sites
  o Enable Hide Brave Rewards
  o Enable Always show full URL
• Go into Shields
  o Set Shields to Advanced
  o Set Trackers and Ads blocking to Aggressive
  o Set Upgrade to HTTPS to enabled
  o Set Cookie blocking to “Only cross-site”
  o Set Fingerprinting blocking to Standard (or Strict)
• Go into Social media blocking
  o Uncheck everything unless needed
• Go to Search Engine
  o See Appendix A3: Search Engines
• Go into Extensions
  o Disable everything except Private Windows with Tor and both Resolve methods set to “Ask”
• Go into Wallet
  o Disable the wallet
• Go into Additional Settings, Privacy, and Security
  o Leave WebRTC to Default
  o Disable all the rest
  o Go into Clear Browsing Data
    ▪ Select On Exit
    ▪ Check all options
• Open a new Tab
  o Click Customize in the lower right corner
  o Disable everything except maybe the clock
• Navigate to brave://adblock
  o Select any additional adblock lists you want
• Do not ever enable Brave Rewards (it should be hidden)


Add-ons to consider for Brave (for additional protection):


528 Madaidan Insecurities, Firefox and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html [Archive.org]
• LocalCDN (https://chrome.google.com/webstore/detail/localcdn/)
  o Alternatively, DecentralEyes (https://chrome.google.com/webstore/detail/decentraleyes/)
• PrivacyBadger (https://chrome.google.com/webstore/detail/privacy-badger/)
• NoScript (https://chrome.google.com/webstore/detail/noscript/)
  o Alternatively, uMatrix (https://chrome.google.com/webstore/detail/umatrix/)
• ClearURLs (https://chrome.google.com/webstore/detail/clearurls/)
• Privacy Redirect (https://github.com/SimonBrazell/privacy-redirect)
  o While the settings for Invidious and Nitter instances are random, I would recommend setting them
to “nitter.net” for Nitter and “yewtu.be” for Invidious.


That’s it and you should be pretty much covered. For full paranoia, you can also just “Block Scripts” to disable
JavaScript. Note that even disabling JavaScript might not protect you fully[529].


Ungoogled-Chromium: 
This browser is considered a security liability due to their systemic lagging on security patches[530].


It is strongly advised not to use Ungoogled-Chromium. 


Edge: 
Windows only:
• Open Edge
• Go into Settings
• Go to Profiles and make sure everything is unchecked in every section (Personal Info, Passwords, Payment
info, Profile preferences)
• Go to Privacy, search, and services:
  o Go to Tracking Prevention:
    ▪ Set to Strict or at least Balanced
    ▪ Set to always use Strict with InPrivate Windows
  o Go to Privacy:
    ▪ Enable send Do Not Track
    ▪ Disable the options for the website to check your payment methods
  o Go to Optional Diagnostic Data:
    ▪ Disable
  o Go to Personalize your Web Experience:
    ▪ Disable
  o Go to Security:
    ▪ Disable everything
  o Go to Services:
    ▪ Disable everything
    ▪ In Address Bar and Search:
      • Disable everything and change the search engine (see Appendix A3: Search Engines)
  o Go to Cookies and Sites Permissions:
    ▪ Within All Permissions:
      • Within Cookies, make sure “Block Third-Party Cookies” is checked
      • Block everything except:
        o JavaScript
        o Images


Enable Application Guard for Edge (only on Host OS, not possible within a VirtualBox VM): 
Skip if this isa VM 
529 FingerprintJS, Demo: Disabling JavaScript Won’t Save You from Fingerprinting https://fingerprintjs.com/blog/disabling-javascript-wont-save-you-from-fingerprinting/ [Archive.org]
530 Duck’s pond, Ungoogled-Chromium, https://qua3k.github.io/ungoogled/ [Archive.org]
• Open Control Panel.
• Click on Programs.
• Click on the Turn Windows features on or off link.
• Check the Windows Defender Application Guard option.
• Click OK.
• Click Restart.
• Now you can open Edge and open a new Application Guard Window.


That’s about it for Edge but you are also free to add extensions from the Chrome Store such as: 

• uBlock Origin (https://chrome.google.com/webstore/detail/ublock-origin/)
• LocalCDN (https://chrome.google.com/webstore/detail/localcdn/)
  o Alternatively, DecentralEyes (https://chrome.google.com/webstore/detail/decentraleyes/)
• PrivacyBadger (https://chrome.google.com/webstore/detail/privacy-badger/)
• HTTPSEverywhere (https://chrome.google.com/webstore/detail/https-everywhere/)
• NoScript (https://chrome.google.com/webstore/detail/noscript/)
  o Alternatively, uMatrix (https://chrome.google.com/webstore/detail/umatrix/)
• ClearURLs (https://chrome.google.com/webstore/detail/clearurls/)
• Privacy Redirect (https://chrome.google.com/webstore/detail/privacy-redirect/)
  o While the settings for Invidious and Nitter instances are random, I would recommend setting them
to “nitter.net” for Nitter and “yewtu.be” for Invidious.


Safari: 
macOS Only: 
• Open Safari
• Click the Safari top left Menu
• Click Preferences
  o On the General Tab:
    ▪ Change New Windows to “Empty Page”
    ▪ Change New Tabs to “Empty page”
    ▪ Change the Remove History after to “1 day”
    ▪ Change the Remove Download list items to “When Safari Quits” or “When Successful
Download”
    ▪ Uncheck “Open Safe Files After Downloading”
  o On the Security Tab:
    ▪ Disable “Warn when visiting a Fraudulent Website” (this sends the URLs you visit to Google
for screening)
  o On the Privacy Tab:
    ▪ Uncheck “Web Advertising”
  o On the Advanced Tab:
    ▪ Check the “Show full website address”


Consider Appendix A5: Additional browser precautions with JavaScript enabled


That’s about it. Unfortunately, you will not be able to add extensions as those will require you to sign in to the App
Store which you cannot do from a macOS VM. Again, I would not recommend sticking to Safari in a macOS VM but
instead switching to Brave or Firefox.


Firefox: 


Normal settings: 
• Open Firefox
• On the Firefox Home Page:
  o Click Personalize
  o Uncheck/Disable everything
• Open Settings:
  o Go into Search
    ▪ Change the search engine (See Appendix A3: Search Engines)
  o Go into Privacy & Security
    ▪ Set to Custom
      • Cookies: Select All Third-Party Cookies
      • Tracking Content: In all Windows
      • Check Cryptominers
      • Check Fingerprinters
    ▪ Set always send “Do Not Track”
  o Go to Logins and Passwords
    ▪ Uncheck “Ask to save logins and passwords for websites”
  o Go to Permissions
    ▪ Location: check block new requests
    ▪ Camera: check block new requests
    ▪ Microphone: check block new requests
    ▪ Notifications: check block new requests
    ▪ Autoplay: Select Block Audio and Video
    ▪ Virtual Reality: check block new requests
    ▪ Check Block Pop-ups
    ▪ Check Warn when websites try to install add-ons
  o Go to Firefox Data Collection and Use
    ▪ Disable everything
  o Go to HTTPS-Only Mode
    ▪ Enable in all windows




Advanced settings: 
Those settings are explained on the following resources in order of recommendation if you want more details about 
what each setting does: 


1. https://wiki.archlinux.org/title/Firefox/Privacy [Archive.org] (most recommended)
2. https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide [Archive.org]


Here are most of the steps combined from the sources above (some have been omitted due to the extensions 
recommended later below): 


• Navigate to “about:config” in the URL bar
• Click Accept the Risk and Continue
  o Safe Settings (should not break anything)
    ▪ Disable Firefox Pocket
      • Set “extensions.pocket.enabled” to false
    ▪ Disable All Telemetry
      • Set “browser.newtabpage.activity-stream.feeds.telemetry” to false
      • Set “browser.ping-centre.telemetry” to false
      • Set “browser.tabs.crashReporting.sendReport” to false
      • Set “devtools.onboarding.telemetry.logged” to false
      • Set “toolkit.telemetry.enabled” to false
      • Search for “toolkit.telemetry.server” and clear it
      • Set “toolkit.telemetry.unified” to false
      • Set “beacon.enabled” to false
    ▪ Disable Pre-Fetching
      • Set “network.dns.disablePrefetch” to true
      • Set “network.dns.disablePrefetchFromHTTPS” to true
      • Set “network.predictor.enabled” to false
      • Set “network.predictor.enable-prefetch” to false
      • Set “network.prefetch-next” to false
      • Set “browser.urlbar.speculativeConnect.enabled” to false
    ▪ Disable JavaScript in PDFs
      • Set “pdfjs.enableScripting” to false
    ▪ Disable obsolete 3DES encryption
      • Set “security.ssl3.rsa_des_ede3_sha” to false
      • Set “security.ssl.require_safe_negotiation” to true
    ▪ Disable Firefox Accounts
      • Set “identity.fxaccounts.enabled” to false
    ▪ Disable Geolocation
      • Set “geo.enabled” to false
    ▪ Disable Web Notifications
      • Set “dom.webnotifications.enabled” to false
    ▪ Disable Copy/Paste Notifications
      • Set “dom.event.clipboardevents.enabled” to false
    ▪ Disable Microphone/Camera status fetching
      • Set “media.navigator.enabled” to false
    ▪ Enable Do Not Track
      • Set “privacy.donottrackheader.enabled” to true
    ▪ Disable SafeBrowsing
      • Set “browser.safebrowsing.malware.enabled” to false
      • Set “browser.safebrowsing.phishing.enabled” to false
      • Set “browser.safebrowsing.downloads.remote.enabled” to false
  o Moderate Settings (could break some websites)
    ▪ Disable WebRTC (this will break all websites with video/audio communications)
      • Set “media.peerconnection.enabled” to false
      • Set “media.navigator.enabled” to false
    ▪ Disable WebGL (this will break some media intensive websites)
      • Set “webgl.disabled” to true
    ▪ Disable DRM
      • Set “media.eme.enabled” to false
      • Set “media.gmp-widevinecdm.enabled” to false
    ▪ Set Cookies Behavior
      • Set “network.cookie.cookieBehavior” to 1
      • Set “network.http.referer.XOriginPolicy” to 2
    ▪ Change referer policy
      • Set “network.http.referer.XOriginTrimmingPolicy” to 2
    ▪ Change Session Storage behavior
      • Set “browser.sessionstore.privacy_level” to 2
    ▪ Disable Connection Tests for Captive Portals
      • Set “network.captive-portal-service.enabled” to false
    ▪ Disable “Trusted Recursive Resolver”
      • Set/Create “network.trr.mode” and set it to 5
  o Advanced (this will break some websites)
    ▪ Set “privacy.resistFingerprinting” to true
    ▪ Set “privacy.trackingprotection.fingerprinting.enabled” to true
    ▪ Set “privacy.trackingprotection.cryptomining.enabled” to true
    ▪ Set “privacy.trackingprotection.enabled” to true
    ▪ Set “browser.send_pings” to false
    ▪ Set “network.http.sendRefererHeader” to 0 (this might break plenty of websites)
    ▪ Set “privacy.firstparty.isolate” to true
    ▪ Set “network.cookie.lifetimePolicy” to 2 (this deletes all cookies after each session)
    ▪ Set “network.http.referer.XOriginPolicy” to 2 (Send Referer only when the full hostnames
match)
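As an added example (not code from the guide), here is a small Python script that audits a Firefox user.js or prefs.js file against a subset of the about:config values listed above and prints the user_pref lines needed to bring the profile in line; the sample profile embedded in it is constructed for the demo.

```python
"""Audit a Firefox user.js / prefs.js against the about:config hardening list.

Added example, not part of the original guide: it parses the user_pref("name", value);
lines that Firefox writes and reports which recommended settings are missing or set
to a different value. RECOMMENDED is a subset of the list above; the sample profile
is constructed for the demo.
"""
import re
from typing import Dict, Tuple, Union

PrefValue = Union[bool, int, str]

# Subset of the "Safe", "Moderate" and "Advanced" about:config recommendations above.
RECOMMENDED: Dict[str, PrefValue] = {
    "toolkit.telemetry.enabled": False,
    "toolkit.telemetry.unified": False,
    "beacon.enabled": False,
    "network.dns.disablePrefetch": True,
    "network.prefetch-next": False,
    "pdfjs.enableScripting": False,
    "geo.enabled": False,
    "dom.webnotifications.enabled": False,
    "privacy.donottrackheader.enabled": True,
    "media.peerconnection.enabled": False,
    "webgl.disabled": True,
    "network.cookie.cookieBehavior": 1,
    "network.http.referer.XOriginPolicy": 2,
    "browser.sessionstore.privacy_level": 2,
    "network.trr.mode": 5,
    "privacy.resistFingerprinting": True,
    "privacy.firstparty.isolate": True,
}

# One pref line: user_pref("name", value);  value is true/false, an integer or a "string".
_PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*'
    r'(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;'
)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: value} for every well-formed pref line; later lines override earlier ones."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and malformed entries are ignored
        name, raw = m.group(1), m.group(2)
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            prefs[name] = int(raw)
    return prefs


def audit(prefs: Dict[str, PrefValue],
          recommended: Dict[str, PrefValue] = RECOMMENDED) -> Dict[str, Tuple[object, PrefValue]]:
    """Map each non-compliant pref to (actual value or "missing", recommended value).

    The type is compared as well, so an integer 1 does not satisfy a recommended true.
    """
    findings: Dict[str, Tuple[object, PrefValue]] = {}
    for name, wanted in recommended.items():
        if name not in prefs:
            findings[name] = ("missing", wanted)
        elif type(prefs[name]) is not type(wanted) or prefs[name] != wanted:
            findings[name] = (prefs[name], wanted)
    return findings


def report(findings: Dict[str, Tuple[object, PrefValue]]) -> str:
    """Render the findings as user_pref lines that would fix the profile."""
    lines = []
    for name, (actual, wanted) in sorted(findings.items()):
        if isinstance(wanted, bool):
            rendered = "true" if wanted else "false"
        elif isinstance(wanted, int):
            rendered = str(wanted)
        else:
            rendered = '"' + wanted + '"'
        lines.append(f'user_pref("{name}", {rendered});  // was: {actual}')
    return "\n".join(lines)


# Constructed sample profile: three prefs correct, two wrong, the rest absent.
SAMPLE_USER_JS = """\
// constructed user.js for the demo, not a real profile
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.unified", true);     // still on
user_pref("network.cookie.cookieBehavior", 4);    // not the recommended 1
user_pref("webgl.disabled", true);
user_pref("privacy.resistFingerprinting", true);
user_pref("toolkit.telemetry.server", "");        // cleared, as the list above asks
"""

if __name__ == "__main__":
    print(report(audit(parse_prefs(SAMPLE_USER_JS))))
```

Point it at a real profile by reading the file into parse_prefs; the Firefox profile directory locations differ per OS and are not covered here.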


Add-ons to install/consider:
• uBlock Origin (https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/)
• LocalCDN (https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/)
  o Alternatively, Decentraleyes (https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/)
• HTTPS Everywhere (https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/)
• NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/)
  o Within the options, Change Default options to check everything except “Ping” and “Unrestricted
CSS”
  o Alternatively, uMatrix (https://addons.mozilla.org/en-US/firefox/addon/umatrix/)
• ClearURLs (https://addons.mozilla.org/en-US/firefox/addon/clearurls/)
• PrivacyBadger (https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/)
• Temporary Containers (https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/)
• Privacy Settings (https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/)
• Privacy Redirect (https://addons.mozilla.org/en-US/firefox/addon/privacy-redirect/)
  o While the settings for Invidious and Nitter instances are random, I would recommend setting them
to “nitter.net” for Nitter and “yewtu.be” for Invidious.


Bonus resources: 

Here are also two recent guides to harden Firefox:
• https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/ [Archive.org]
• https://ebin.city/~werwolf/posts/firefox-hardening-guide/ [Archive.org]


Appendix W: Virtualization 


So, you might ask yourself, what is Virtualization[531]?


Basically, it is like the Inception movie with computers. You have emulated software computers called Virtual 
Machines running on a physical computer. And you can even have Virtual Machines running within Virtual machines 
if you want to (but this will require a more powerful laptop in some cases). 


Here is a little basic illustration of what Virtualization is: 


531 Wikipedia, Virtualization https://en.wikipedia.org/wiki/Virtualization [Wikiless] [Archive.org]

Each Virtual Machine is a sandbox. Remember the reasons for using them are to prevent the following risks:
• Mitigate local data leaks and easier clean-up in case of risk (everything is contained within the VM and only
the VM identifiers could be leaked and not the Host Hardware identifiers).
• Reduce malware/exploit attack surfaces (if your VM is compromised, the adversary still must figure out he is
in a VM and then gain access to the Host OS, which is not so trivial).
• Mitigate online data leaks by being able to enforce strict network rules on Virtual Machines for accessing the
network (such as passing through the Tor Network).


Appendix X: Using Tor bridges in hostile environments 


In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might 
be a Safety risk. 


In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation 
https://2019.www.torproject.org/docs/bridges [Archive.org] and Whonix Documentation
https://www.whonix.org/wiki/Bridges [Archive.org]).


Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on
people running the Snowflake Browser extension[532] while others are running on various servers around the world.
Most of those bridges are running some type of obfuscation method called obfs4[533].


532 Tor Project, Project Snowflake https://snowflake.torproject.org/ [Archive.org]
533 GitHub, Obfs4 Repository https://github.com/Yawning/obfs4/ [Archive.org]

Here is the definition from the Tor Browser Manual[534]: “obfs4 makes Tor traffic look random and prevents censors
from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3
bridges”.


Some of those are called “Meek” bridges and are using a technique called “Domain Fronting” where your Tor client 
(Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used by other services. To a censor, it would 
appear you are connecting to a normal website such as Microsoft.com. See 
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek for more information. 


As per their definition from their manual[535]: “meek transports make it look like you are browsing a major web site
instead of using Tor. meek-azure makes it look like you are using a Microsoft web site”. This is a type of “domain
fronting”[536].


Lastly, there are also bridges called Snowflake bridges that rely on users running the Snowflake extension in their
browser to become themselves entry nodes. See https://snowflake.torproject.org/ [Archive.org].


First, you should proceed with the following checklist to make sure you cannot circumvent Tor Blocking (double-
check) and try to use Tor Bridges (https://bridges.torproject.org/ [Archive.org]):
• (Recommended if blocked but safe) Try to get an obfs4 bridge in the Tor connection options.
• (Recommended if blocked but safe) Try to get a snowflake bridge in the Tor connection options.
• (Recommended if hostile/risky environment) Try to get a meek bridge in the Tor connection options (might
be your only option if you are for instance in China).


(Illustration from Tor Browser Bridge Configuration: “Bridges: Bridges help you access the Tor Network in places 
where Tor is blocked. Depending on where you are, one bridge may work better than another.” Options shown: Use a 
bridge; Select a built-in bridge (meek-azure, obfs4, snowflake); Request a bridge from torproject.org; Provide a 
bridge (“Enter bridge information from a trusted source”).) 


If none of those built-in methods are working, you could try getting a manual bridge either from: 


534 Tor Browser Manual, Pluggable Transport https://tb-manual.torproject.org/circumvention/ [Archive.org] 
535 Tor Browser Manual, Pluggable Transport https://tb-manual.torproject.org/circumvention/ [Archive.org] 
536 Wikipedia, Domain Fronting https://en.wikipedia.org/wiki/Domain_fronting [Wikiless] [Archive.org] 
• https://bridges.torproject.org/bridges?transport=meek (for a meek bridge) 
• https://bridges.torproject.org/bridges?transport=obfs4 (for an obfs4 bridge) 


This website could obviously be blocked or monitored too, so if you have a trusted contact and an end-to-end 
encrypted messaging app, you could instead (if you have the ability) ask that contact to retrieve a bridge for you. 


Finally, you could also request a bridge by e-mail to bridges@torproject.org with an empty subject and the 
body being: “get transport obfs4” or “get transport meek”. There is a limitation with this method though, as it is only 
available from a Gmail e-mail address or a Riseup.net (https://riseup.net/ [Archive.org]) e-mail address. 
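Whichever way you obtain it, the bridge line you receive has the same shape whether you paste it into the “Provide a bridge” field of Tor Browser or into a torrc file on a system running the tor daemon directly. The fragment below is an added example and is not from the guide or from the Tor Project; every value in angle brackets is a placeholder, and the obfs4proxy path is assumed to be the location used by the Debian/Ubuntu package.

```text
# Added example torrc fragment (not from the guide). Replace every <PLACEHOLDER>
# with the values of the bridge line you obtained from bridges.torproject.org,
# the e-mail autoresponder, or a trusted contact, never from an untrusted source.
UseBridges 1
# Path assumed to be the Debian/Ubuntu obfs4proxy package location.
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
# The bridge line itself. Tor Browser's "Provide a bridge" field takes the same
# text without the leading "Bridge " keyword.
Bridge obfs4 <IP>:<PORT> <FINGERPRINT> cert=<CERT> iat-mode=0
```

Keep the fingerprint and cert= value exactly as issued: they are what lets your client verify it is talking to the bridge it was given, and a bridge line picked up from a public forum or chat may belong to whoever is watching for Tor users, which defeats the purpose of using a bridge at all.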


Hopefully, these bridges should be enough to get you connected even in a hostile environment. 


If not, consider Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option 


Appendix Y: Installing and using desktop Tor Browser 


Installation: 
This is valid for Windows, Linux, and macOS. 


• Download and install Tor Browser according to the instructions from https://www.torproject.org/download/ 
[Archive.org] 


• Open Tor Browser 


Usage and Precautions: 


• After opening Tor Browser, you will see an option to connect, a checkbox to connect automatically and a 
button to go into Tor Network Settings. The Tor Network Settings are there for you to possibly configure 
bridges to connect to Tor if you are experiencing issues connecting to Tor due to censorship or blocking, as 
explained here: Appendix X: Using Tor bridges in hostile environments. 


(Illustration from the Tor Browser connection screen: “Connect to Tor. Tor Browser routes your traffic over the Tor 
Network, run by thousands of volunteers around the world.” with the “Always connect automatically” checkbox and 
the “Tor Network Settings” button.) 


o Personally, in the case of censorship or blocking, I would recommend using Meek-Azure bridges if 
needed, and Snowflake bridges as a second option. 


(Illustration from Tor Browser Bridge Configuration: Use a bridge; Select a built-in bridge (meek-azure, obfs4, 
snowflake); Request a bridge from torproject.org; Provide a bridge (“Enter bridge information from a trusted 
source”).) 


• At this point, still before connecting, you should click the little shield icon (upper right, next to the address 
bar) and select your Security level (see https://tb-manual.torproject.org/security-settings/ [Archive.org] for 
details). Basically, there are three: 


o Standard (the default): 
▪ All features are enabled (including JavaScript) 
o Safer: 
▪ JavaScript is disabled on non-HTTPS websites 
▪ Some fonts and symbols are disabled 
▪ Any media playback is “click to play” (disabled by default) 
o Safest: 
▪ JavaScript is disabled everywhere 
▪ Some fonts and symbols are disabled 
▪ Any media playback is “click to play” (disabled by default) 
(Illustration from the Tor Browser Security Level settings: “Disable certain web features that can be used to attack 
your security and anonymity.” Standard: All Tor Browser and website features are enabled. Safer: Disables website 
features that are often dangerous, causing some sites to lose functionality. JavaScript is disabled on non-HTTPS 
sites. Some fonts and math symbols are disabled. Audio and video (HTML5 media), and WebGL are click-to-play. 
Safest: Only allows website features required for static sites and basic services. These changes affect images, 
media, and scripts. JavaScript is disabled by default on all sites. Some fonts, icons, math symbols, and images are 
disabled. Audio and video (HTML5 media), and WebGL are click-to-play.) 


I would recommend the “Safer” level for most cases. The Safest level should only be enabled if you think you are 
accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break 
many websites that rely actively on JavaScript. 


(Optional and not recommended by the Tor Project, this is a personal choice I made) If you are not using the 
“Safest” level, I will diverge from some but agree with others (for instance the Tails project and others [537]) and will 
actually recommend some modifications of the default Tor Browser in the addition of two extensions: 


• uBlock Origin (as is the case on Tails) while leaving the extension on the default settings: 
o Head over to https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ within Tor Browser 
and install the extension. 
• Privacy Redirect: This is very practical if you use the “Safest” mode as Invidious instances require no 
JavaScript. 
o Head over to https://addons.mozilla.org/en-US/firefox/addon/privacy-redirect/ within Tor 
Browser and install the extension. 
o While the settings for Invidious and Nitter instances are random, I would recommend setting 
them to “nitter.net” for Nitter and “yewtu.be” for Invidious. 


Let’s keep in mind that even three-letter agencies recommend blocking ads for their internal users in order to improve 
security [538]. 


If you did not go for the above personal and not officially recommended options, the Safer level should still be used 
with some extra precautions while using some websites: see Appendix A5: Additional browser precautions with 
JavaScript enabled. 


Now, you are really done, and you can now surf the web anonymously from your desktop device. 


537 GitLab, Tor Browser Issues, Add uBlock Origin to the Tor Browser https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569 [Archive.org] 
538 Vice, The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous 
https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous [Archive.org] 
There are many services that you might want to use (VPS hosting, mail hosting, domain names...) but require 
payment of some kind. 


As mentioned before in this guide multiple times, I strongly recommend the use of services accepting cash (that you 
could send anonymously through the postal services) or Monero, which you can buy and use directly and safely. 


But what if the service you want does not accept Monero but does accept a more mainstream cryptocurrency such 
as Bitcoin (BTC) or Ethereum (ETH)? 


Bitcoin and other “mainstream cryptocurrencies” are not anonymous at all (Remember Your Cryptocurrencies 
transactions) and you should never ever purchase, for example, Bitcoin from an exchange and then use these 
directly for purchasing services anonymously. This will not work, and the transaction can be traced easily. 


• Stay away from Crypto Mixers and Tumblers. You might think this is a good idea, but not only are they IMHO 
useless with cryptocurrencies such as BTC/ETH/LTC, they are also dangerous as you might end up trading 
your currency for dirty currency from illicit activities. Use Monero to anonymize your crypto. Use a normal 
KYC-enabled exchange to buy/sell your Monero (such as Kraken) or (at your own risk) use a service like 
LocalMonero. 

• Stay away from what are in my opinion risky private/anonymizing wallets such as 
https://we.incognito.org. Use a safer method outlined below. 


Reasonably anonymous option: 
Despite this, it is possible to safely anonymize Bitcoin through the use of cryptocurrencies with a focus on 
untraceability such as Monero (XMR) with a few more steps and at a relatively small cost. So, you might be 
wondering how? Well, it is actually pretty simple: 
1. Purchase Monero at: 
a. a KYC exchange (such as Kraken) 
b. a non-KYC exchange (such as https://bisq.network/) 
c. from someone on LocalMonero using cash (at your own risk) 
2. Create a Monero wallet on one of your anonymized VMs (for example, on the Whonix Workstation which 
includes a Monero GUI wallet natively, or using the Monero GUI wallet from 
https://www.getmonero.org/downloads/ on other OSes). 
3. Transfer your Monero from the exchange you bought it from to the wallet on your VM. 
4. On the same VM (for instance again the Whonix Workstation), create a Bitcoin wallet (again this is provided 
natively within the Whonix Workstation). 
5. From an anonymized browser (such as Tor Browser), use a non-KYC (Know Your Customer) swapping 
service (see Appendix A8: Crypto Swapping Services without Registration and KYC) to convert your Monero 
to BTC and transfer those to the BTC wallet you have on your anonymized VM. 


You should now have an anonymized Bitcoin wallet that can be used for purchasing services that do not accept 
Monero. You should never access this wallet from a non-anonymized environment and always use well-thought 
OPSEC with your BTC transactions. Remember those can be traced back to you. 


The origin of those BTC cannot be traced back to your real identity due to the use of Monero (unless Monero is 
broken). Please do read Appendix B2: Monero Disclaimer. 


Extra-Paranoid anonymous option: 
As explained in the disclaimer, if you feel extra paranoid, you could consider using an additional conversion step 
using a different privacy/anonymity-focused cryptocurrency such as Zcash (https://z.cash/ [Archive.org]). 


For example, here are two possibilities: 


1. Buying Monero first option: 
a. Buy Monero (XMR) at either: 
i. a KYC exchange (such as Kraken) 
ii. a non-KYC exchange (such as https://bisq.network/) 
iii. from someone on LocalMonero using cash (at your own risk) 

b. Transfer your Monero to your Monero wallet in a secure environment (such as the Monero GUI 
wallet pre-installed on the Whonix workstation or using the Monero GUI wallet from 
https://www.getmonero.org/downloads/ on other OSes). 

c. Use a swapping service (see Appendix A8: Crypto Swapping Services without Registration and KYC) 
to exchange your Monero to a Zcash wallet you control in your secure environment (see Appendix 
A9: Installing a Zcash wallet). 

d. Transfer your Zcash from one VM Zcash wallet to another VM Zcash wallet you control while making 
sure you are using shielded addresses (some exchanges allow this directly). 

i. Do make sure the wallets are different and change your Tor identity before opening the 
recipient wallet. 

e. Use a swapping service again to exchange your Zcash to Monero/BTC/other (for BTC, use for 
example the Electrum Wallet on the Whonix Workstation). 

f. Use your Monero/BTC/other anonymously. 

2. Buying Zcash first option: 

a. Buy Zcash (see https://z.cash/exchanges/ [Archive.org]) 

b. Transfer your Zcash to a VM Zcash wallet (see Appendix A9: Installing a Zcash wallet). 

c. Transfer your Zcash from your VM Zcash Wallet to another VM Zcash Wallet using shielded 
addresses. 

i. Do make sure the wallets are different and change your Tor identity before opening the 
recipient wallet. 

d. Use a swapping service (see Appendix A8: Crypto Swapping Services without Registration and KYC) 
to exchange your Zcash to Monero at your VM Monero wallet (such as the Monero GUI wallet pre-
installed on the Whonix workstation or using the Monero GUI wallet from 
https://www.getmonero.org/downloads/ on other OSes). 

e. Now either use your Monero directly to buy from merchants OR use a swapping service to swap 
your Monero to another cryptocurrency such as BTC/ETH/Other (for BTC, use for example the 
Electrum Wallet on the Whonix Workstation). 

f. Use your cryptocurrency anonymously. 


These steps should upgrade you from “reasonably anonymous” to “extra-paranoid anonymous”. Even if Monero is 
broken in the future, Zcash would have to be broken as well, which is quite unlikely. 


When using BTC: bonus step for improving your privacy using obfuscation: 

You might want to consider the use of Wasabi (https://wasabiwallet.io/ [Archive.org]) for your BTC transactions using 
their “CoinJoin feature” [539] to further cover your tracks. This would mean swapping your Monero for BTC to a Wasabi 
wallet instead of a normal wallet, and then using that Wasabi wallet for your BTC transactions with their CoinJoin 
feature. 


When converting from BTC to Monero: 

Now, as part of any process above, if you want to convert BTC back to Monero, I recommend not using a swapping 
service but instead using the new Monero Atomic Swap Tool: https://unstoppableswap.net/. This will 
avoid the unnecessary fees and intermediaries of a commercial swapping service. The website is self-
explanatory with detailed instructions for all OSes. 


Appendix Al: Recommended VPS hosting providers 

I will only recommend providers that accept Monero as payment, and here is my personal shortlist: 
• Njalla https://njal.la/ (my personal favorite but quite expensive, recommended by PrivacyGuides.org). 
• 1984.is (my second favorite, much less expensive) https://www.1984.is. 
• To be considered at your own risk (untested): 


539 Europol Wasabi Wallet Report, https://www.tbstat.com/wp/uploads/2020/06/Europol-Wasabi-Wallet-Report.pdf [Archive.org] 
o https://cryptoho.st/ (warning, this might be against their ToS as they require personal identification 
on registration) 
o https://www.privex.io/ 
o https://cockbox.org/ (warning, this provider is rather “edgy” and could offend some people) 


Also consider these lists: 


• Tor Project: https://community.torproject.org/relay/community-resources/good-bad-isps/ [Archive.org] 
• PrivacyGuides.org: https://privacyguides.org/providers/hosting/ [Archive.org] 


Lastly, you could pick one (at your own risk) from the list here that does accept Monero: 
https://www.getmonero.org/community/merchants/#hosting [Archive.org] 


Please do read Appendix B2: Monero Disclaimer. 


If the service does not accept Monero but does accept BTC, consider the following appendix: Appendix Z: Paying 
anonymously online with BTC. 


Appendix A2: Guidelines for passwords and passphrases 


My opinion (and the one of many [540] [541] [542] [543] [544] [545]) is that passphrases are generally better than passwords. So 
instead of thinking of better passwords, forget them altogether and use passphrases instead (when possible). Or just 
use a password manager with very long passwords (such as KeePassXC, the preferred password manager in this 
guide). 


The well-known XKCD shown below, https://xkcd.com/936/ [Archive.org], is still valid despite some people disputing it 
(see https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength [Archive.org]). Yes, it is quite old now, is 
a little bit outdated, and might be misinterpreted. But generally, it is still valid and a good argument for using 
passphrases instead of passwords. 


540 NIST, https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/ [Archive.org] 

541 ZDNet, FBI recommends passphrases over password complexity https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/ [Archive.org] 

542 The Intercept, Passphrases That You Can Memorize — But That Even the NSA Can’t Guess 
https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ [Tor Mirror] [Archive.org] 

543 ProtonMail Blog, Let’s settle the password vs. passphrase debate once and for all https://protonmail.com/blog/protonmail-com-blog-password-vs-passphrase/ [Archive.org] 

544 YouTube, Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) 
https://www.youtube.com/watch?v=yzGzB-yYKcc [Invidious] 

545 YouTube, How to Choose a Password — Computerphile https://www.youtube.com/watch?v=3NjQ9b3pelg [Invidious] 
(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) 


Here are some recommendations (based on Wikipedia [546]): 
• Long enough to be hard to guess (typically four words is a minimum, five or more is better). 
• Not a famous quotation from literature, holy books, et cetera. 
• Hard to guess by intuition, even by someone who knows the user well. 
• Easy to remember and type accurately. 
• For better security, any easily memorable encoding at the user's own level can be applied. 
• Not reused between sites, applications, and other different sources. 
• Do not use only common words (like “correct horse battery staple”). 


Here is a nice website showing you some examples and guidelines: http: 
Watch this insightful video by Computerphile: 


Use a different one for each service/device if possible. Do not make it easy for an adversary to access all your 
information because you used the same passphrase everywhere. 


You might ask how? Simple: use a password manager such as the recommended KeePassXC. Only remember the 
passphrase to unlock the database and then store everything else in the KeePassXC database. Within KeePassXC 
you can then create extremely long passwords (30+ random characters) for each different service. 
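To make the “long enough” recommendation concrete, the following added example (not code from the guide) shows the arithmetic behind it: a passphrase drawn uniformly from a list of N words carries log2(N) bits per word, so four words from a 7776-entry diceware-style list is about 51.7 bits, roughly what an 8-character fully random printable-ASCII password gives. The 8-word list embedded here is a constructed stand-in for a real wordlist and is far too small for real use; the 7776 figure is the size of the EFF large wordlist. Picks use the secrets module so the randomness is cryptographic.

```python
import math
import secrets

# Constructed demo wordlist, NOT a real diceware list. A real list such as the
# EFF large wordlist has 7776 entries (6^5, one per roll of five dice); with
# only 8 entries this demo list yields just 3 bits per word.
DEMO_WORDS = ["copper", "lantern", "river", "orbit", "velvet", "meadow", "anchor", "quartz"]
EFF_LARGE_WORDLIST_SIZE = 7776

def passphrase_entropy_bits(word_count, list_size):
    """Entropy of a passphrase made of uniformly random picks: n * log2(N)."""
    return word_count * math.log2(list_size)

def words_needed(target_bits, list_size):
    """Smallest number of words from a list of list_size that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def equivalent_password_length(bits, alphabet_size=95):
    """Length of a fully random password over the 95 printable ASCII characters
    carrying the same entropy; a human-chosen password is much weaker than this."""
    return math.ceil(bits / math.log2(alphabet_size))

def generate_passphrase(words, count=5, separator=" "):
    """Pick words with secrets.choice (a CSPRNG), with replacement, so every
    pick is independent and the entropy formula above holds."""
    if count < 4:
        raise ValueError("use at least four words")
    return separator.join(secrets.choice(words) for _ in range(count))

# Famous example phrases that an attacker will certainly try first.
KNOWN_PHRASES = {"correct horse battery staple"}

def passes_guidelines(passphrase, min_words=4):
    """The two checks from the list above that a program can verify:
    minimum length in words, and not a well-known phrase."""
    words = passphrase.lower().split()
    if len(words) < min_words:
        return False
    return " ".join(words) not in KNOWN_PHRASES

if __name__ == "__main__":
    bits = passphrase_entropy_bits(4, EFF_LARGE_WORDLIST_SIZE)
    print(f"4 words from 7776: {bits:.1f} bits, like a {equivalent_password_length(bits)}-char random password")
    print(f"words for 128 bits: {words_needed(128, EFF_LARGE_WORDLIST_SIZE)}")
    print(generate_passphrase(DEMO_WORDS, 5))
```

The entropy figure only holds when the words are chosen by dice or a CSPRNG, not by picking words you like; the “not a famous quotation” rule is the human-readable version of that same point.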


546 Wikipedia, Passphrase https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection 
Appendix A3: Search Engines 




I will not go into too many details. Just pick one from PrivacyGuides.org (https://privacyguides.org/providers/search-
engines [Archive.org]). 


Personally, my favorites are: 
• https://duckduckgo.com/ (because you can easily use operators such as “!g” to search on Google or “!b” to search on Bing) 
• https://www.startpage.com/ 
• SearX (https://searx.me/) instances listed here: https://searx.space/ 


Note that some of those have a convenient “.onion” address: 
• DuckDuckGo: https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 


In the end, I am often not satisfied with the results of those search engines and still end up on Bing or Google. 


Appendix A4: Counteracting Forensic Linguistics 
Note that this information is taken and adapted from a Dread Post available here: 
http://dreadytofatroptsdj6io7I3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/aad54fe83b33a8a45920/ 


Not a lot has been changed, but some adaptations and modifications have been made to improve the source 
post in various ways. 


Introduction: 

Stylometry is our personal and unique writing style. No matter who you are, you have a unique, fingerprintable, and 
traceable writing style. This has been understood for a while now, and a branch of forensics is built on this 
principle: forensic linguistics. In this field, the particular name for forensic linguistics applied to internet crime is 
“Writeprint”. Writeprint primarily aims to determine author identification over the internet by comparing a 
suspect’s text to a known collection of writer-invariant (normally written) texts, and even without comparison texts, 
it can still yield personal information about an author such as gender, age, and personality. 


What does an adversary look for when examining your writing? 
1. Lexical features: analysis of word choice. 
2. Syntactic features: analysis of writing style, sentence structure, punctuation, and hyphenation. 
3. Structural features: analysis of structure and organization of writing. 
4. Content-specific words: analysis of contextually significant writing such as acronyms. 
5. Idiosyncratic features: analysis of grammatical errors; this is the most important factor to consider because it 
provides relatively high accuracy in author identification. 
Examples: 


You might think that this is not something that an adversary pays attention to? Think again! There have been 
multiple cases where adversaries such as law enforcement have used Writeprint techniques to help catch and 
sentence people. Here are some examples: 


• The OxyMonster case (https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-
out-to-be-a-frenchman-with-luscious-beard/ [Archive.org]): 
o Public data revealed that Vallerius (a.k.a. OxyMonster) had Instagram and Twitter accounts. Agents 
compared the writing style of “OxyMonster” on the Dream Market forum, while in a senior 
moderator role, to the writing style of Vallerius on his public Instagram and Twitter accounts. Agents 
discovered many similarities in the use of words and punctuation, including the word “cheers”, 
double exclamation marks, frequent use of quotation marks, and intermittent French posts. 


Do not use the same writing style for your sensitive activities as for your normal activities. In particular, pay close 
attention to your use of common phrases and punctuation. Also, as a side note: limit the amount of reference 
material that an adversary can use as comparison text. You do not want to find yourself in trouble because of your 
political Twitter post, or that Reddit post you made years ago, do you? 


Here is another example from the book American Kingpin, about how a DEA agent investigated the writing 
style of DPR (Dread Pirate Roberts a.k.a Ross Ulbricht, founder of the Silk Road Dark Market) from a unique 
perspective: For one, Ross Ulbricht used the word “epic” a lot, which showed that he was likely young. He 
also used emoji smiley faces in his writing, though he never used a hyphen as the nose, writing them as “:)” 
rather than the old-fashioned “:-)”. Yet the one attribute about Ulbricht that stood out was that rather than 
writing “yes” or “yeah” on the site’s forums, Ulbricht instead always typed “yea”. 


Pay attention to the little things that might add up. If you usually reply with “ok” to people, maybe try to reply with 
“okay” for your sensitive activities. You should NEVER use words or phrases from your sensitive activities (even if 
they are not in a public post) for normal purposes, and vice versa. Ross Ulbricht used “frosty” as the name for his Silk 
Road servers and for his YouTube account, which helped convince law enforcement that Dread Pirate Roberts was 
in fact Ross Ulbricht. 


How to counteract the efforts of your adversary: 


1. Reduce the amount of comparison text for adversaries to compare you with. This goes with having a small 
online footprint for your normal activities. 

2. Use a word processor (such as LibreWriter) to fix any grammatical/spelling errors that you regularly 
encounter. 

3. Reduce or change the idioms that you use while conducting sensitive activities. 

4. Understand how your identity affects your writing style: Is your alias younger? Older? More educated? Or 
less educated? If your identity is older, maybe speak in a more JRR Tolkien style of writing. 

5. Pay attention to how your slang and spelling might identify you. If you are from the UK, you would say 
“maths”, but if you are from the US you say “math”. It does not matter how you say “maths”; all that 
matters is that it can be used to profile you. This also applies to slang, as many regions each have different 
and extremely particular slang. You do not ask someone from the USA for a “rubber” and expect them to 
give you an “eraser”, as an example. 

6. Pay attention to your use of emoticons and emojis. In the previous example, the DEA agent was able to 
make a correct assumption that Ulbricht was likely young because he did not use a hyphen when making a 
smiley emoticon. 

7. Pay attention to how you structure your writing. Do you use two spaces after a period? Do you constantly 
use parentheses in your writing? Do you use the Oxford comma? 

8. Consider what symbols you use in your writing. Do you use €, £ or $? Do you use “dd-mm-yyyy” or “mm-dd-
yyyy” for dates? Do you use “08:00 pm” or “20:00” for time? 


What different linguistic choices could say about you: 


Emoticons: 
1. Russians for example use “)” instead of “:-)” or “:)” to express a smiley face. 
2. Scandinavians use “=)” instead of “:-)” or “:)” for a smiley face. 
3. Younger people generally do not use a hyphen in their smiley faces and just use “:)”. 


Structural features: 


1. Two spaces after a period give off the impression that you are quite older because this is how typing was 
taught to people learning to type with typewriters. 

2. In the US people write numbers out with commas between the digit groups to the left of the decimal point and 
a period as the decimal separator. This is in contrast to how people write out numbers on the rest of the planet. 


US: 1,000.00$ 
Europe: 1.000,00$ 
Spelling, slang and symbols: 

1. Obviously, people in different nations use different slang. This is even more pronounced when you use slang 
that is not as well known in other places, such as someone from the UK mentioning a “headmaster” when in 
other nations it is referred to as a “principal”. 

2. Spelling is another important factor that is similar to slang, except it is harder to control. If you want to 
pretend that you are from the USA, but you actually live in Australia, it only takes one time of spelling 
“color” as “colour” to make people understand that something is up. 

3. Some people also spell words in a particular way that is not regional; for example you might spell “ax” as 
“axe” or vice versa. 

4. Of course, the symbols you use on your keyboard can give a lot of information away, such as £’s or $’s. 


Techniques to prevent writeprinting: 
Here are some techniques in order of use: 


Spelling and grammar checking: 
This helps prevent some fingerprinting done using your spelling and grammar mistakes. 


Offline using a word processor: 
Use a word processor such as LibreWriter and use the spelling and grammar checks features to fix mistakes you 
might have typed. 


Online using an online service: 
If you do not have a word processor available (or do not want to use one), you can also use an online spelling and 
grammar checker such as Grammarly (this requires an e-mail and an account creation). 


Translation technique: 

Disclaimer: a study archived here: 
https://web.archive.org/web/20181125133942/https://www.cs.drexel.edu/~sa499/papers/adversarial_stylometry.pdf 
seems to indicate the translation technique is ineffective at preventing stylometry. This step might be useless. 


After being done with spelling and grammar fixes, use a website or software such as Google Translate (or, for a more 
privacy-friendly version, https://translate.metalune.xyz) to translate between several different languages before 
translating back to your original language. These translations back and forth will alter your messages and make 
fingerprinting more difficult. 


Search and replace: 
This is a technique that will add some flair by purposefully adding some mistakes to your message. 


First decide upon a list of words that you frequently do not misspell, maybe the words “grammatical”, “symbol”, and 
“pronounced” (this list should include more words). Do not use an AutoCorrect automatic replace option for this as 
it might correct when it does not make sense. Instead, use Search and Replace and do this manually for each word. 
Do not use “Replace All” either and review each change. This is just the first step, for providing misinformation 
against linguistic fingerprinting. 


Next, find a list of words that you commonly use in your writing. Let us say that I love to use contractions when I 
write, maybe I always use words such as: “can’t”, “don’t”, “shouldn’t”, “won't”, or “let’s”. Well, maybe go into 
LibreWriter and use “Search and Replace” to replace all contractions with the full versions of the words (“can’t” > 
“cannot”, “don’t” > “do not”, “shouldn’t” > “should not”, “won’t” > “will not”, “let’s” > “let us”). This can make a 
large difference in your writing and give a difference in how people and most importantly your adversaries perceive 
you. You can change most words to be different; as an example, you can change “huge” to “large”. Just make sure 
these words fit with your identity. 


Now, consider changing your word choices to fit a specific geographical location. Say you live in the US and you want to 
give the impression that your identity is from the UK. For example, you can make use of location-based spelling and 
lexicon. This is risky, and one mistake can give it away. 
First off, you need to decide where you want to give the impression of your location. Here is an example to give off 
the impression that you are from the US, or the UK. First, you will need to understand a thing or two about where 
your identity is “from”; do not pretend that you are from the UK yet have no idea about it other than that it exists. 


After you have decided upon a location that suits your identity, you have to research the differences in lexicon 
between the two languages (in this case between UK English and US English). Thanks to the internet, this is quite 
easy, and you can find Wikipedia pages conveniently highlighting the regional differences of a language between two 
nations. Pay attention to how certain words are spelled (“metre” > “meter”) and what words are exchanged with 
each other (“boot” > “trunk”). Now that you have a list of words that can be exchanged with each other, and a list of 
spellings that are different, use the “Search and Replace” in your editor and change words such as “colour” into 
“color”, and “lorry” into “truck”. Again, do not use an AutoCorrect feature or “Replace All” as some changes might 
not make sense. Review each proposed change. As an example, if you were to use AutoCorrect or “Replace all” on 
the word “boot” to change it into “trunk”, this would make perfect sense in the context of cars. But it would not 
make any sense in the context of shoes. 
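The two halves of this appendix, what an adversary counts in your text (emoticon style, double exclamation marks, two spaces after a period, time and number formats, contractions, regional spellings) and the search-and-replace pass that is supposed to be reviewed one change at a time, can be put into one small self-check script. The example below is added here and is not code from the Dread post or from the guide; the sample text is constructed for the demo and the word tables are illustrative starting points you would extend with your own habits. The replacement helper deliberately never does “Replace All”: it only lists candidates, and a second function applies the ones you accepted after reading them in context.

```python
import re

# Constructed sample text (not from the guide or any real case), written with
# several of the tells the appendix lists so the self-check has something to flag.
SAMPLE = (
    "Cheers!! I can't believe it's 08:00 pm already.  The colour of the lorry "
    "was odd :-) and I don't think it's worth 1.000,00 $ anyway, yea."
)

# Illustrative tables; extend them with the contractions and spellings you use.
CONTRACTIONS = {
    "can't": "cannot", "don't": "do not", "shouldn't": "should not",
    "won't": "will not", "let's": "let us", "it's": "it is",
}
UK_TO_US = {"colour": "color", "lorry": "truck", "metre": "meter", "boot": "trunk"}

def _count(pattern, text):
    return len(re.findall(pattern, text))

def stylometric_markers(text):
    """Count the idiosyncrasies listed above so you can see your own tells."""
    lower = text.lower()
    return {
        "double_space_after_period": _count(r"\.  +\S", text),
        "double_exclamation": text.count("!!"),
        "nose_emoticon": _count(r":-[()]", text),           # ":-)" style
        "noseless_emoticon": _count(r"(?<!-):[()]", text),  # ":)" style
        "12h_time": _count(r"\b\d{1,2}:\d{2}\s?[ap]m\b", lower),
        "24h_time": _count(r"\b(?:[01]\d|2[0-3]):\d{2}\b(?!\s?[ap]m)", lower),
        "eu_number_format": _count(r"\b\d{1,3}(?:\.\d{3})+,\d{2}\b", text),
        "us_number_format": _count(r"\b\d{1,3}(?:,\d{3})+\.\d{2}\b", text),
        "contractions": sum(_count(r"\b%s\b" % re.escape(c), lower) for c in CONTRACTIONS),
        "uk_spellings": sum(_count(r"\b%s\b" % w, lower) for w in UK_TO_US),
    }

def shared_markers(text_a, text_b):
    """Markers present in both texts: the overlap an adversary would compare
    between a sensitive persona and a public account."""
    a, b = stylometric_markers(text_a), stylometric_markers(text_b)
    return sorted(k for k in a if a[k] and b[k])

def propose_replacements(text, table):
    """List every candidate (offset, original, replacement) for manual review.
    Nothing is replaced here on purpose: 'Replace All' is what the appendix
    tells you not to use, because 'boot' > 'trunk' is wrong for shoes."""
    proposals = []
    for word, replacement in table.items():
        for m in re.finditer(r"\b%s\b" % re.escape(word), text, flags=re.IGNORECASE):
            proposals.append((m.start(), m.group(0), replacement))
    return sorted(proposals)

def apply_reviewed(text, proposals, accepted_offsets):
    """Apply only the proposals whose offsets the reviewer accepted."""
    out, pos = [], 0
    for start, original, replacement in sorted(proposals):
        if start in accepted_offsets:
            out.append(text[pos:start])
            out.append(replacement)
            pos = start + len(original)
    out.append(text[pos:])
    return "".join(out)

if __name__ == "__main__":
    for name, n in stylometric_markers(SAMPLE).items():
        if n:
            print(f"{name}: {n}")
    props = propose_replacements(SAMPLE, CONTRACTIONS)
    # For the demo every proposal is accepted; in practice you read each one
    # in context and leave out the offsets that would not make sense.
    print(apply_reviewed(SAMPLE, props, {start for start, _, _ in props}))
```

Run it on a paragraph of your normal writing and on one written under your sensitive identity: anything shared_markers returns is a feature the two personas still have in common, which is exactly what the OxyMonster comparison above relied on.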


Final remarks: 
Understand that you have to constantly think of what you type and how you type while conducting sensitive 
activities. 


Understand that altering your writing style for such purposes can ultimately change your baseline writing style, 
ironically making your writing traceable over longer periods. 


Proofread yourself at least one time after you are done writing anything to verify you made no mistakes in your 
process. Trust (yourself) but verify anyway. 


Bonus links:

• https://www.whonix.org/wiki/Surfing_Posting_Blogging#Stylometry [Archive.org]: Whonix documentation about stylometry.
• https://wikipedia.org/wiki/Forensic_linguistics [Wikiless] [Archive.org]: Gives a brief rundown of the basics of forensic linguistics, not too informative.
• https://wikipedia.org/wiki/Writeprint [Wikiless] [Archive.org]: Gives a brief and informative rundown of forensic linguistics applied to internet investigations.
• https://wikipedia.org/wiki/Stylometry [Wikiless] [Archive.org]: Gives a brief overview of stylometry.
• https://wikipedia.org/wiki/Content_similarity_detection [Wikiless] [Archive.org]: I would recommend reading this, quite informative.
• https://wikipedia.org/wiki/Author_profiling [Wikiless] [Archive.org]: Read through this as well if you are interested in this topic.
• https://wikipedia.org/wiki/Native-language_identification [Wikiless] [Archive.org]: This is less important if you use a translator, but if you do not use a translator to communicate on forums that are not in your native language, consider giving this a quick read through.
• https://wikipedia.org/wiki/Computational_linguistics [Wikiless] [Archive.org]: Only read through this if this topic is interesting to you.
• https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf [Archive.org]: Explains how authorities used forensic linguistics to help arrest OxyMonster (pages 13 to 14).
• https://wikipedia.org/wiki/Ted_Kaczynski#After_publication [Wikiless] [Archive.org]: He may have an IQ of 167, but he was caught primarily based on forensic linguistics.
• https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf [Archive.org]: Explains how your writing style can be used to track you. I highly recommend reading through these slides, or watching the accompanying presentation on YouTube.
• https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf [Archive.org]: Explains how your writing style can be used to track you. I highly recommend reading through these slides, or watching the accompanying presentation on YouTube; this is quite similar to the previous presentation.
• https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf [Archive.org]: This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. I would advise reading the slides or watching the presentation on YouTube.


Appendix A5: Additional browser precautions with JavaScript enabled 
To avoid browser and user fingerprinting through JavaScript while keeping JavaScript enabled, some additional safety measures should be observed, at least on some websites:


These recommendations are similar to the ones at the beginning of the guide and especially valid for certain 
websites. Mostly, the recommendation is to use privacy-friendly front-end instances and alternative services for a 
variety of services: 


• For YouTube links, use an Invidious instance (https://github.com/iv-org/invidious [Archive.org])
  o I recommend https://yewtu.be
• For Twitter links, use a Nitter instance (https://github.com/zedeus/nitter [Archive.org])
  o I recommend https://nitter.net
• For Wikipedia links, use a Wikiless instance (https://codeberg.org/orenom/wikiless [Archive.org])
• For Reddit, use a LibReddit instance (https://github.com/spikecodes/libreddit [Archive.org])
• For Maps, consider using https://www.openstreetmap.org
• For Translation, consider using a SimplyTranslate instance (https://git.sr.ht/~metalune/simplytranslate_web [Archive.org]) such as https://translate.metalune.xyz/
• For Search Engines, use privacy-focused search engines such as:
  o StartPage: https://www.startpage.com/
  o DuckDuckGo: https://duckduckgo.com/
  o SearX (https://searx.me/) instances: a list is available at https://searx.space/


(Optional) Consider using the https://github.com/SimonBrazell/privacy-redirect [Archive.org] extension to automate the use of the above services.


Appendix A6: Mirrors 


Find it online at: 


Original: https://anonymousplanet.org 

Mirror: https://mirror.anonymousplanet.org 

IPFS Mirror: https://ipfs.anonymousplanet.org 

Tor Mirror: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydizkqd.onion 

Archive.org: https://web.archive.org/web/https://anonymousplanet.org 

Archive.today: https://archive.fo/anonymousplanet.org 

Archive.today over Tor: 



Offline versions (best format for the best readability) of this guide at: 


Light Theme PDF: https://anonymousplanet.org/guide.pdf [Mirror] [Archive.org] [Tor Mirror]

Dark Theme PDF: https://anonymousplanet.org/guide-dark.pdf [Mirror] [Archive.org] [Tor Mirror]

OpenDocument Text (ODT) version at: https://anonymousplanet.org/guide.odt [Mirror] [Archive.org] [Tor Mirror]

All at CryptPad.fr: https://cryptpad.fr/drive/#/2/drive/view/Ughm9CjQJCwB8Blppdtvj5zy4PyE-8Gxn11x9zaqJLI/

All at https://anonarchive.org/ with the following public key: 

Appendix A7: Comparing versions


If you want to compare an older version of the PDF with a newer version, consider these online tools (note that I do not endorse those tools in relation to their privacy policies, but it should not matter since these PDFs are public):


• https://tools.pdf24.org/en/compare-pdf
• https://products.aspose.app/pdf/comparison
• https://draftable.com/compare


If you want to compare an older version of the ODT format with a newer version, use the LibreOffice Writer compare feature as explained here: https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html




Appendix A8: Crypto Swapping Services without Registration and KYC 
General Crypto Swapping: 


For BTC to Monero, skip to the next section: do not use swapping services for BTC to Monero.
Here is a small list of non-KYC crypto swapping services; remember they all have a cost and fees:


• https://sideshift.ai
• https://bisq.network/
• https://xchange.me/
• https://swap.lightning-network.ro/
  o Tor (Onion Hidden Service): http://mlyusr6htlxsyc7t2f4z53wdxh3win7q3qpxcrbam6jf3dmua7tnzuyd.onion/coinswap


Consider having a look at https://kycnot.me/ which is an open-source project listing non-KYC 
exchanges/swapping services (repository at https://codeberg.org/pluja/kycnot.me). 


BTC to Monero only:


Do not use any swapping service; use their Atomic Swap feature instead. See this Monero Atomic Swap tool: https://unstoppableswap.net/


This will avoid the unnecessary fees and intermediaries of a commercial swapping service. The website is self-explanatory, with detailed instructions for all OSes.


Appendix A9: Installing a Zcash wallet: 


Remember that this should only be done in a secure environment, such as a VM behind the Whonix Gateway.


Debian 11 VM:
• Load the Debian VM
• Open a browser
• Go to https://packages.debian.org/buster/amd64/libindicator3-7/download and download from a listed mirror.
• Go to https://packages.debian.org/buster/amd64/libappindicator3-1/download and download from a listed mirror.
• Go to the ZecWallet Lite website to download the latest DEB package: https://www.zecwallet.co/#download (change the download directory to /home/user for convenience)
• Open a Terminal window and run the following commands (with the updated downloaded version if needed):
  o `sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb`
  o `sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb`
  o `sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb`
• Click the upper left menu, find and then launch ZecWallet Lite
Ubuntu 20.04/21.04/21.10 VM:
• Load the Ubuntu VM
• Open a browser
• Go to the ZecWallet Lite website to download the latest DEB package: https://www.zecwallet.co/#download
• Open a Terminal window
• Go to your download directory and run the following command (with the updated downloaded version if needed), for example: `sudo apt install ./Zecwallet_Lite_1.7.5_amd64.deb`
• Click the upper left menu, find and then launch ZecWallet Lite


Windows 10 VM:
• Load the Windows VM
• Open a browser
• Go to https://www.zecwallet.co/#download
• Download and install the latest Windows installer
• Launch ZecWallet Lite


Whonix Workstation 16 VM:
• Load the Whonix Workstation VM
• Open Tor Browser
• Go to https://packages.debian.org/buster/amd64/libindicator3-7/download and download from a listed mirror.
• Go to https://packages.debian.org/buster/amd64/libappindicator3-1/download and download from a listed mirror.
• Go to the ZecWallet Lite website to download the latest DEB package: https://www.zecwallet.co/#download (change the download directory to /home/user for convenience)
• Open a Terminal window and run the following commands (with the updated downloaded version if needed):
  o `sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb`
  o `sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb`
  o `sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb`
• Click the upper left menu and go to Development, then launch ZecWallet Lite


Appendix B1: Checklist of things to verify before sharing information: 


Here is a checklist of things to verify before sharing information to anyone: 


• Check the files for any metadata: see Removing Metadata from Files/Documents/Pictures
• Check the files for anything malicious: see Appendix T: Checking files for malware
• Check the files for any watermarking: see Watermarking
• Check any writing for possible forensic analysis: see Appendix A4: Counteracting Forensic Linguistics
• Have a look at this part of the Whonix documentation: https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing [Archive.org]
• Carefully assess the potential consequences and risks of communicating any sensitive information for you and others (legally, ethically, and morally). Remember ... Do not be evil. Legal is not necessarily Good.


After curating the files for anything you want to leave out, double-check and even triple-check them. Then you could consider sending them to an organization such as a press organization or others.


Appendix B2: Monero Disclaimer 
First, please watch this short introduction video to Monero: https://www.youtube.com/watch?v=H33ggs7bh8M [Invidious]


The anonymity from Monero depends on its crypto algorithms. If you do use Monero from a KYC exchange, you can be almost certain that you are safe today. But you might not be in the long-term future if Monero algorithms are ever broken[547] (think Quantum Computing). Do keep in mind that KYC regulations might force operators (such as crypto exchanges) to keep your financial records for up to 10 years, and that you therefore need Monero algorithms to not be broken for the next 10 years as well.


You may want to watch this insightful video for more details: https://www.youtube.com/watch?v=j02Qol4ZInU [Invidious]


Also please consider reading: https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations [Archive.org]


If you feel extra paranoid and want the highest safety level possible, see the Extra-Paranoid anonymous option. 


Use these at your own risk; sending cash payments to providers accepting cash (through the postal service) is always a better solution if/when possible, IMHO.


Appendix B3: Threat modeling resources 
Here are various threat modeling resources if you want to go deeper into threat modeling.


• (My personal favorite) LINDDUN: https://www.linddun.org/ [Archive.org]
• STRIDE: https://en.wikipedia.org/wiki/STRIDE_%28security%29 [Wikiless] [Archive.org]
• PASTA: https://versprite.com/tag/pasta-threat-modeling/ [Archive.org]


And there are quite a few others too, see:
• https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ [Archive.org]
• https://www.geeksforgeeks.org/threat-modelling/ [Archive.org]


You can find an introduction to these on these projects:
• Threat Modeling Manifesto: https://www.threatmodelingmanifesto.org/ [Archive.org]
• OWASP: https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html [Archive.org]
• Online Operations Security: https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC


License
Creative Commons Attribution-NonCommercial 4.0 International Public License 


By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-NonCommercial 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions.


Section 1 – Definitions.


a. Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image.

b. Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to 
Adapted Material in accordance with the terms and conditions of this Public License. 


547 Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world: https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf [Archive.org]

c. Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including,
without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without 
regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in 
Section 2(b)(1)-(2) are not Copyright and Similar Rights. 

d. Effective Technological Measures means those measures that, in the absence of proper authority, may not 
be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on 
December 20, 1996, and/or similar international agreements. 

e. Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright
and Similar Rights that applies to Your use of the Licensed Material. 

f. Licensed Material means the artistic or literary work, database, or other material to which the Licensor 
applied this Public License. 

g. Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, 
which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that
the Licensor has authority to license. 

h. Licensor means the individual(s) or entity(ies) granting rights under this Public License. 

i. NonCommercial means not primarily intended for or directed towards commercial advantage or monetary
compensation. For purposes of this Public License, the exchange of the Licensed Material for other material 
subject to Copyright and Similar Rights by digital file-sharing or similar means is NonCommercial provided
there is no payment of monetary compensation in connection with the exchange. 

j. Share means to provide material to the public by any means or process that requires permission under the 
Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination,
communication, or importation, and to make material available to the public including in ways that members
of the public may access the material from a place and at a time individually chosen by them. 

k. Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the 
European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended
and/or succeeded, as well as other essentially equivalent rights anywhere in the world. 

l. You means the individual or entity exercising the Licensed Rights under this Public License. Your has a
corresponding meaning.


Section 2 – Scope.


a. License grant. 

1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a
worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the 
Licensed Rights in the Licensed Material to: 

A. reproduce and Share the Licensed Material, in whole or in part, for NonCommercial 
purposes only; and 

B. produce, reproduce, and Share Adapted Material for NonCommercial purposes only.

2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to
Your use, this Public License does not apply, and You do not need to comply with its terms and 
conditions. 

3. Term. The term of this Public License is specified in Section 6(a). 

4. Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the 
Licensed Rights in all media and formats whether now known or hereafter created, and to make 
technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right 
or authority to forbid You from making technical modifications necessary to exercise the Licensed 
Rights, including technical modifications necessary to circumvent Effective Technological Measures. 
For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4)
never produces Adapted Material. 

5. Downstream recipients. 

A. Offer from the Licensor — Licensed Material. Every recipient of the Licensed Material 
automatically receives an offer from the Licensor to exercise the Licensed Rights under the 
terms and conditions of this Public License. 

B. No downstream restrictions. You may not offer or impose any additional or different terms
or conditions on, or apply any Effective Technological Measures to, the Licensed Material if 
doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. 
6. No endorsement. Nothing in this Public License constitutes or may be construed as permission to
assert or imply that You are, or that Your use of the Licensed Material is, connected with, or 
sponsored, endorsed, or granted official status by, the Licensor or others designated to receive 
attribution as provided in Section 3(a)(1)(A)(i).

b. Other rights. 

1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are 
publicity, privacy, and/or other similar personality rights; however, to the extent possible, the 
Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent 
necessary to allow You to exercise the Licensed Rights, but not otherwise. 

2. Patent and trademark rights are not licensed under this Public License. 

3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of 
the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable 
statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right 
to collect such royalties, including when the Licensed Material is used other than for NonCommercial 
purposes. 


Section 3 — License Conditions. 
Your exercise of the Licensed Rights is expressly made subject to the following conditions. 


a. Attribution. 

1. If You Share the Licensed Material (including in modified form), You must: 

A. retain the following if it is supplied by the Licensor with the Licensed Material: 

i. identification of the creator(s) of the Licensed Material and any others designated to
receive attribution, in any reasonable manner requested by the Licensor (including 
by pseudonym if designated); 

ii. a copyright notice;

iii. a notice that refers to this Public License; 
iv. a notice that refers to the disclaimer of warranties; 

V. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; 

B. indicate if You modified the Licensed Material and retain an indication of any previous
modifications; and

C. indicate the Licensed Material is licensed under this Public License, and include the text of, 
or the URI or hyperlink to, this Public License. 

2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, 
means, and context in which You Share the Licensed Material. For example, it may be reasonable to
satisfy the conditions by providing a URI or hyperlink to a resource that includes the required
information.

3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) 
to the extent reasonably practicable.

4. If You Share Adapted Material You produce, the Adapter's License You apply must not prevent
recipients of the Adapted Material from complying with this Public License.


Section 4 — Sui Generis Database Rights. 


Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed 
Material: 


a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or
a substantial portion of the contents of the database for NonCommercial purposes only;

b. if You include all or a substantial portion of the database contents in a database in which You have Sui 
Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its 
individual contents) is Adapted Material; and

c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents
of the database. 
License where the Licensed Rights include other Copyright and Similar Rights.


Section 5 — Disclaimer of Warranties and Limitation of Liability. 


Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the 
Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning 
the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, 
warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or 
other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where 
disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You. 

To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without 
limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, 
exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the 
Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or 
damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.
to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability.


This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail 
to comply with this Public License, then Your rights under this Public License terminate automatically. 
Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: 
1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your 
discovery of the violation; or 
2. upon express reinstatement by the Licensor. 


For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek 
remedies for Your violations of this Public License. 


For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or 
conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this 
Public License. 

Sections 1, 5, 6, 7, and 8 survive termination of this Public License. 
unless expressly agreed.

Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are 
separate from and independent of the terms and conditions of this Public License. 


Section 8 — Interpretation. 


For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, 
restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without 
permission under this Public License. 

To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be 
reformed, it shall be severed from this Public License without affecting the enforceability of the remaining
No term or condition of this Public License will be waived and no failure to comply consented to unless
expressly agreed to by the Licensor. 
d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any
privileges and immunities that apply to the Licensor or You, including from the legal processes of any 